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ABSTRACT 


Military  C4I  facilities  form  an  enormous  network  of 
distributed,  heterogeneous  computers.  Operating  these 
computers  such  that  commanders  can  exploit  their  computing 
power  effectively  requires  a  resource  management  system. 
Management  System  for  Heterogeneous  Networks  (MSHN)  is  a 
program  under  development  specifically  designed  to  address 
this  need. 

Security  for  distributed  computing  systems  is  of 
particular  importance  to  the  Department  of  Defense . 
Previously  developed  resource  management  systems  have 
largely  neglected  the  issue  of  security.  This  thesis 
proposes  a  security  architecture  through  which  MSHN  can 
achieve  its  goal  of  providing  optimal  usage  of  computing 
resources  while  simultaneously  providing  security 
commensurate  with  the  software  and  data  processed. 

A  demonstration  of  the  security  framework  was  created 
using  Intel  Corporation's  Common  Data  Security  Architecture 
(CDSA) .  CDSA  provided  the  cryptographic  mechanisms  required 
to  build  the  security  framework. 


V 


VI 


TABLE  OF  CONTENTS 


L  INTRODUCTION . . . 1 

A.  PURPOSE . 1 

B.  MOTIVATION . 2 

C.  ORGANIZATION . 3 

L  Distributed  Computing . 3 

2.  Management  System  for  Heterogeneous  Networks . 3 

3.  Essentials  of  Secure  Systems . 4 

4. CDSA . 4 

5.  Security  Enhanced  MSHN  Architecture . 4 

6.  Recommendations  and  Conclusions . 4 

n.  DISTRIBUTED  COMPUTING . 5 

A.  JOINT  VISION  2010 . 6 

B.  C4I  FOR  THE  WARRIOR:  JOINT  PUB  6 . 7 

C. C3ISIM:  A  CASE  STUDY . 9 

D.  SUMMARY . 13 

m.  MANAGEMENT  SYSTEM  FOR  HETEROGENEOUS  NETWORKS  (MSHN) . 15 

A.  PURPOSE . 15 

B.  MSHN  PROPOSED  ARCHITECTURE . 17 

L  Client  Library . 18 

2.  Scheduling  Server . 18 

3.  Resource  Requirements  Database . 19 

4.  Resource  Status  Server . 20 

C.  SUMMARY . 21 

IV.  ESSENTIALS  OF  SECURE  SYSTEMS _ 23 

A.  THE  GOLDEN  TRIANGLE  OF  INFORMATION  SECURITY . 23 

L  Secrecy: . 23 

2.  Integrity: . 23 

3,  Availability: . 23 

B.  BUILDING  A  TRUSTED  COMPUTER  SYSTEM . 24 

7.  Security  Policy . 24 

2.  Accountability . 25 

a)  Identification . 25 

b)  Authentication . 25 

c)  Audit . 26 

3,  Assurance . 27 

a)  Life-Cycle  Assurance . 27 

b)  Operational  Assurance . 27 

C.  REFERENCE  MONITOR  CONCEPT . 28 

D.  SECURITY  MECHANISMS . 30 

L  Identification  and  Authentication . 30 

2  Cryptography . 31 

a)  Symmetric  Key  technology . 32 

b)  Asymmetric  Key  Technology . 33 

c)  Digital  Signatures . 37 


vii 


d)  Digital  Certificates . 39 

E.  SUMMARY . 41 

V.  COMMON  DATA  SECURITY  ARCHITECTURE . . . 43 

A.  SYSTEM  SECURITY  SERVICES . 45 

B.  COMMON  SECURITY  SERVICES  MANAGER  (CSSM) . 46 

L  CSSM  Security  API . 47 

2,  CSSM  Core  Services . 48 

a)  Security  Context  Management . 48 

b)  General  Module  Management . 49 

c)  Integrity  Services . 49 

d)  Memory  Management . 50 

3.  Module  Managers . -51 

C.  SECURITY  ADD-IN  MODULES . 51 

1.  Cryptographic  Service  Provider  Module . 51 

2.  Trust  Policy  Module . 53 

3.  Certificate  Library  Module . 53 

4.  Data  Storage  Library  Module . 54 

D.  SUMMARY . 55 

VI.  SECURITY  ENHANCED  MSHN  ARCHITECTURE . 57 

A.  ASSUMPTIONS . - -  ‘57 

1.  Application  Level  Security . 57 

2.  User  Identification  and  Authentication . 58 

3.  Public  Key  Infrastructure . 58 

4.  Compute  Resources . 60 

5.  Client  Library . 60 

6.  User  Intent . 61 

B.  MSHN  SECURITY  POLICY . 61 

C.  DOMAIN  FRAMEWORK . 62 

D.  MSHN  SECURITY  MECHANISMS . 64 

E.  REVISED  ARCHITECTURE . 67 

7.  Security  Modules . 68 

2.  Key  Storage  Service . 68 

5.  Audit  Server . 69 

F.  MSHN  EXECUTION  SCENARIO . 69 

7.  Initialization . ^0 

2.  MSHN  Job  Request . 77 

3.  Scheduling . 72 

4.  Application  Execution . 75 

G.  PROTOTYPE  IMPLEMENTATION  ARCHITECTURE . 75 

7.  MSHN  Security  Layer . 75 

2.  MSHN  SECURITY  SERVICES . 76 

a)  mshn_sljnit: . 76 

b)  mshn__sl_create_cert: . 76 

c)  mshn_sl__get_cert: . 76 

d)  mshn_sl_cert__verify: . 77 

e)  mshn_sl__cert_revoked: . 77 

f)  mshn_sl_get_public_key: . 77 

g)  mshn_sl_jet_private_key . . 77 

h)  mshn_sl_put_audit: . 77 

i)  mshn_sl_encrypt: . 77 


viii 


j)  mshn_sl_decrypt: . 78 

k)  mshn_sl_syin_key _gen: . 78 

l)  mshn_sl_asym_key_gen: . .....78 

m)  mshn_sl_digest: . 78 

n)  mshn_sl_sign: . 78 

o)  mshn_sl_sig_verify . 78 

H.  PROTOTYPE  DEMONSTRATION . 78 

7.  Client . 79 

2.  Resource. . 79 

3.  MSHN  Core:  Scheduler,  RSS  &  RRD . 80 

I.  SUMMARY . 80 

Vn.  RECOMMENDATIONS  AND  CONCLUSIONS _ 81 

A.  RECOMMENDATIONS . 81 

B.  SUMMARY  AND  CONCLUSIONS . 82 

APPENDIX  A.  MSHN  SECURITY  LAYER  SOURCE  CODE _ 83 

APPENDIX  B.  MSHN  DEMONSTRATION  SOURCE  CODE _ 117 

APPENDIX  C.  MSHN  DEMONSTRATION  OPERATING  INSTRUCTIONS _ 247 

LIST  OF  REFERENCES _ 261 


INITIAL  DISTRIBUTION  LIST 


.265 


X 


LIST  OF  FIGURES 


Figure  1  Tenets  of  JV  2010  [Ref.  2] . 6 

Figure  2  Overview  of  MSHN  Runtime  Architecture  [Ref.  6]  ..21 

Figure  3  Reference  Monitor  Concept . 28 

Figure  4  Symmetric  Key  Cryptography . 32 

Figure  5  Asymmetric  Key  Cryptography . 33 

Figure  6  Cross  Certification . 40 

Figure  7  Common  Data  Security  Architecture  [Ref.  12] . 45 

Figure  8  CSSM  Services  [Ref.  12] . 47 

Figure  9  MSHN  Domain  Framework . 63 

Figure  10  PKI  Authentication  Protocol . 65 

Figure  11  MSHN  Core  Component  Session  Key  Distribution. .. 66 
Figure  12  MSHN  Revised  Architecture . 67 


XI 


Xll 


ACKNOWLEDGEMENT 


The  author  gratefully  acknowledges  the  advice  and 
support  of  Dr.  Cynthia  Irvine  and  David  Shifflett.  Their 
assistance  and  guidance  proved  to  be  essential  in  the 
completion  of  this  thesis.  Dr.  D.  Hensgen  provided 

essential  insights  regarding  the  architecture  of  the  MSHN 
VHM.  I  would  also  like  to  thank  Dan  Warren  for  sparking  my 
interest  in  computer  security.  Finally,  a  heartfelt  thanks 
is  offered  to  my  wife  and  children,  who  supported  me 
throughout  this  effort. 


Xlll 


XIV 


EXECUTIVE  SUMMARY 


Military  C4I  facilities  form  an  enormous  network  of 
distributed,  heterogeneous  computers.  Operating  these 
computers  such  that  commanders  can  exploit  their  computing 
power  effectively  requires  a  resource  management  system. 
Management  System  for  Heterogeneous  Networks  (MSHN)  is  a 
program  under  development  specifically  designed  to  address 
this  need. 

Security  for  distributed  computing  systems  is  of 
particular  importance  to  the  Department  of  Defense. 
Previously  developed  resource  management  systems  have 
largely  neglected  the  issue  of  security.  This  thesis 
proposes  a  security  architecture  through  which  MSHN  can 
achieve  its  goal  of  providing  optimal  usage  of  computing 
resources  while  simultaneously  providing  security 
commensurate  with  the  software  and  data  processed. 

A  demonstration  of  the  security  framework  was  created 
using  Intel  Corporation's  Common  Data  Security  Architecture 
(CDSA) .  CDSA  provided  the  cryptographic  mechanisms  required 
to  build  the  security  framework.  CDSA  is  a  layered 
architecture  that  presents  a  common  interface  through  which 
application  programmers  and  cryptographic  hardware/sof tware 
vendors  can  develop  their  respective  products  independently, 
yet  be  assured  they  will  work  together  properly  when 
integrated. 
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CDSA  is  fundamentally  dependent  upon  a  Public/Private 
Key  Infrastructure  (PKI) .  CDSA  assumes  that  user  identities 
will  be  encoded  in  the  form  of  digital  certificates. 
Digital  signature  and  encryption  mechanisms  provided  by  CDSA 
form  the  basis  for  the  security  architecture  proposed  for 
MSHN. 

The  security  framework  for  MSHN  has  resulted  in  the 
specification  of  a  MSHN  security  layer  which  defines  the 
interface  through  which  MSHN  components  access  security 
mechanisms.  The  MSHN  security  layer  provides  services  for 
encryption,  decryption,  digital  signatures  and  verification, 
certificate  creation,  verification  and  revocation,  and  other 
security-relevant  functions . 

The  security- enhanced  MSHN  architecture  uses  the 
security  framework  to  guarantee  integrity  and 
confidentiality  of  communications  between  the  user,  MSHN 
components,  and  the  computing  resources  running  user 
applications. 

A  proof  of  concept  demonstration  was  implemented.  It 
was  written  in  C++  for  execution  on  three  Windows  NT 
personal  computers  connected  via  a  local  area  network.  The 
demonstration  program  shows  that  we  can  secure  MSHN 
communications  and  that  CDSA  is  a  viable  option  as  a 
cryptographic  applications  programming  interface. 
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I .  INTRODUCTION 

A.  PURPOSE 

The  information  technology  community  is  in  the  midst  of 
a  paradigm  shift.  Until  recently,  the  processing  of  highly 
compute-intensive  applications  was  performed  by  isolated 
super computing  platforms.  It  is  now  possible  for  such 
applications  to  be  executed  by  a  network  of  computers  bound 
together  by  an  overarching  framework  that  presents  the  user 
with  the  appearance  of  one  powerful,  virtual  heterogeneous 
machine  (VHM) . 

Efforts  are  currently  underway  to  define  and  implement 
a  management  system  for  user  applications  running  in  the 
VHM.  Management  System  for  Heterogeneous  Networks  (MSHN)  is 
an  emerging  resource  management  system  whose  primary 
function  is  to  accept  user  jobs,  and  determine  what  jobs 
should  be  executed  on  which  machines  throughout  the  VHM  and 
when . 

The  purpose  of  this  thesis  is  to  discuss  and  analyze 
the  security  requirements  of  an  application  program  running 
in  a  distributed,  heterogeneous,  networked  environment.  In 
particular,  a  security  architecture  suitable  for 
Management  System  for  Heterogeneous  Networks  (MSHN)  will  be 
proposed.  Additionally,  this  thesis  investigates  the 
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possibility  of  implementing  the  proposed  security 
architecture  via  commercial  off-the-shelf  security  software. 

Intel  Corporation  has  recognized  the  need  for  a 
security  infrastructure  that  is  applicable  to  a  distributed, 
multi-platform  computing  environment.  The  result  of  Intel's 
research  is  the  publication  of  a  security  infrastructure 
termed  Common  Data  Security  Architecture  (CDSA)  .  The  use  of 
CDSA  as  a  means  of  providing  a  suitable  level  of  trust  has 
been  investigated.  This  thesis  will  analyze  MSHN's  security 
needs  and  recommend  a  solution  via  CDSA.  Finally,  a 
prototype  demonstration  of  the  security  architecture  is 
presented. 

B .  MOTIVATION 

Significant  challenges  exist  in  securing  any  computing 
system,  however,  the  usual  problems  are  exacerbated  when  a 
process  is  distributed  across  numerous  computing 
environments.  Previously  developed  resource  management 
systems  have  largely  neglected  the  issue  of  security. 
Existing,  systems  lack  scalable  mechanisms  for  authentication 
and  privacy  [Ref.  1]  .  The  current  prototype  of  MSHN  does 
not  provide  protection  against  the  threat  of  unauthorized 
disclosure  or  modification  of  the  user's  data. 

Consider,  for  example,  a  user  application  which 
simulates  the  operation  of  a  newly  designed  jet  engine. 
This  sort  of  simulation,  depending  on  the  fidelity  of  the 
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model,  may  require  the  enormous  consumption  of  computational 
resources.  Thus,  such  an  application  may  be  an  ideal 
candidate  for  execution  via  MSHN.  However,  if  the 
simulation  results  are  not  properly  protected,  their 
unauthorized  disclosure  could  provide  competitors  with  an 
unfair  advantage. 

Similarly,  if  the  engine  were  destined  for  a  military 
aircraft,  compromise  of  the  simulation  results  could  provide 
adversaries  with  infoinnation  that  might  imply  countermeasure 
techniques.  Or  worse,  if  the  adversary  could  modify  the 
simulation  results  without  detection,  they  might  cause  the 
design  to  be  flawed.  Clearly,  the  users  of  MSHN  will  demand 
protection  of  their  data,  or  they  will  be  unwilling  to 
request  its  services. 

C.  ORGANIZATION 

1.  Distributed  Computing 

This  chapter  will  discuss  the  benefits  of  distributed 
computing  and  describe  an  example  application  of  a  military 
command  and  control  decision  support  tool  that  would  be 
suited  to  operating  in  a  distributed  computing  environment. 

2 .  Management  System  for  Heterogeneous  Networks 

This  chapter  will  describe  the  status  of  the  MSHN 
architecture,  which  is  currently  under  development.  It 
provides  a  high  level  view  of  the  processing  and 
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communications  that  must  take  place  between  the  components 
of  MSHN. 

3 .  Essentials  of  Secure  Systems 

This  chapter  discusses  the  fundamentals  of  computer 
security.  It  describes  modern  security  techniques  and 
mechanisms . 

4 .  CDSA 

This  chapter  describes  Intel ' s  Common  Data  Security 
Architecture  (CDSA)  .  Along  with  an  overview  of  the  CDSA 
design,  this  chapter  discusses  the  advantages  and 
disadvantages  of  Intel's  specification. 

5 .  Security  Enhanced  MSHN  Architecture 

This  chapter  will  describe  an  augmented  architecture 
for  MSHN  that  utilizes  underlying  capabilities  to  provide 
limited  security  protection.  The  security- enhanced 

architecture  originates  from  the  description  of  MSHN  in 
Chapter  III,  modified  to  take  advantage  of  the  security 
mechanisms  noted  in  Chapter  IV .  A  proof  of  concept 
demonstration  program,  written  using  CDSA,  will  be 
described.  It  implements  a  primitive  set  of  security 
mechanisms  for  the  security  enhanced  MSHN  architecture. 

6 .  Recommendations  and  Conclusions 

This  chapter  recommends  areas  of  additional  research 
and  concludes  with  a  summary  analysis  of  MSHN  security. 
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II .  DISTRIBUTED  COMPUTING 


For  many  years  the  computer  industry  has  been 
progressing  from  centralized  computing  ,  (mainframes)  to 
decentralized,  distributed  computing  operations.  Earlier 
generations  of  computer  users  were  forced  to  rely  upon 
centralized  processing  because  of  the  computational  power 
required,  the  lack  of  communications  network  capacity,  and 
because  everyone  could  not  afford  to  purchase  their  own 
computers.  This  situation  no  longer  exists. 

The  explosive  growth  in  personal  computer  and 
workstation  usage  has  resulted  from  their  ever-increasing 
processing  capabilities,  continued  decrease  in  acquisition 
costs,  and  substantial  user  friendliness  improvements 
provided  via  graphical  user  interfaces.  Personal  computers 
and  workstations  have  empowered  users  to  control  the 
processing  of  their  data  in  a  more  direct  manner. 

Moreover,  distributed  computing  has  become  the  method 
of  choice  not  only  because  of  the  personal  computer 
evolution,  but  also  because  of  the  connectivity  of  personal 
computers  to  more  powerful  computers  via  local  and  wide  area 
networks .  The  ability  to  share  data  resources  among 
multitudes  of  disparate  users  is  a  tremendous  benefit  to 
all .  The  Department  of  Defense  (DoD)  ,  like  any  other 
enterprise,  realizes  the  significance  of  information 
technology  as  a  key  component,  critical  to  the  success  of 
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its  mission.  The  philosophy  for  the  integration  of 
information  technology  into  the  DoD  is  described  below. 

A.  JOINT  VISION  2010 

The  Chairman  of  the  Joint  Chiefs  of  Staff  has  outlined 
his  future  vision  of  twentieth  century  warfare  in  a  document 
titled  Joint  Vision  2010  [Ref.  2]  .  Figure  1  captures  the 

concepts  of  JV  2010  in  one  diagram. 


Figure  1  Tenets  of  JV  2010  [Ref.  2] 

JV  2010  is  based  upon  the  tenets  of  dominant  maneuver, 
precision  engagement,  focused  logistics,  and  full¬ 
dimensional  protection.  Note  that  the  four  tenets  are  all 
encompassed  by  information  superiority.  In  an  era  of 
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diminishing  force  structure,  the  success  of  our  nation's 
military  defense  is  tied  to  its  ability  to  do  more  with 
less.  Information  superiority  is  the  force  multiplier  that 
enables  a  smaller,  more  agile,  technologically  superior 
force  to  succeed  in  battle.  The  doctrine  that  outlines  how 
the  Department  of  Defense  will  achieve  information 
superiority  is  published  in  Joint  Pub  6  [Ref.  3]  . 

B.  C4I  FOR  THE  WARRIOR;  JOINT  PUB  6 

C4I  represents  command,  control,  communications, 
computers,  and  intelligence.  C4I  encompasses  the  procedures 
that  a  commander  employs  to  direct  his  forces,  as  well  as 
the  policies  to  be  used  to  communicate  information  between 
them.  C4I  For  the  Warrior  is  the  vision  for  future  command 

and  control  systems.  In  this  case,  the  Warrior  refers  to 

the  warfighting  commander.  In  order  to  accomplish  his 
mission,  the  warrior  needs  a  fused,  current,  and  accurate 
representation  of  the  battlespace  along  with  the  ability  to 
coordinate  with,  respond  to,  and  order  all  his  forces.  The 
U.S.  Marine  Corps  concisely  defines  the  importance  of 
command  and  control  in  the  following  quote  from  its 
doctrine : 

War  is  a  process  that  pits  the  opposing  wills  of  two  commanders  against 
each  other.  Great  victories  of  military  forces  are  often  attributed  to 
superior  firepower,  mobility,  or  logistics.  In  actuality,  it  often  is  the 
commander  who  makes  good  decisions  and  executes  these  decisions  at  a 
superior  tempo  who  leads  his  forces  to  victory. 
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Therefore,  victory  demands  that  commanders  effectively  link  decision 
making  to  execution  through  the  concept  of  command  and  control. 
Warfare  will  continue  to  evolve  and  command  and  control  processes, 
organization,  and  supporting  systems  will  continue  to  change,  but  the 
basic  concept  of  command  and  control  will  remain  the  key  to  the  decisive 
application  of  combat  power.  More  than  ever  before,  a  command  and 
control  system  is  crucial  to  success  and  must  support  shorter  decision 
cycles  and  instantaneous  flexibility  across  vast  distances  of  time  and 
space.  [Ref.  3] 

Clearly,  if  we  are  to  achieve  information  dominance,  we 
need  automated  tools  to  help  us  develop  plans  faster  than 
our  adversary.  Command  of  joint  forces  in  war  is  an 
intense,'  competitive  and  stressful  process.  The  joint  force 
commander  is  not  only  faced  with  making  life  and  death 
decisions  in  complex  situations  but  must  do  this,  in  limited 
time,  in  an  environment  of  uncertainty.  Command  is  as  much 
a  problem  of  information  management  as  it  is  of  carrying  out 
difficult  and  complex  warfighting  tasks. 

Command,  control,  communications,  computers  and 
Intelligence  (C4I)  systems  supporting  US  military  forces 
must  have  the  capability  to  rapidly  adapt  to  the  demands  of 

the  commanders  who  use  them,  as  well  as  the  environment  in 
which  they  are  used.  They  must  make  available  the 
information  that  is  important;  provide  it  where  needed;  and 
ensure  that  it  gets  there  not  only  in  a  timely  manner,  but 
also  in  a  format  that  is  usable  by  the  receiver.  The  Joint 
Chiefs  of  Staff  summarize  the  goal  of  C4I  systems  as 
follows:  “The  fundamental  objective  of  C4I  systems  is  to  get 
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the  critical  and  relevant  information  to  the  right  place  in 
time  to  allow  forces  to  seize  on  opportunity  and  meet  the 
objectives  across  the  range  of  military  operations.”  [Ref. 
3]  . 

Decision  Support  Systems  are  at  the  heart  of  the 
commander's  planning  process.  Computer  driven  simulation 
programs  can  be  used  to  assess  the  likely  effectiveness  of  a 
given  war  plan  before  any  casualties  are  incurred.  The 
results  of  the  simulation  runs  can  then  be  used  to  adjust  or 
modify  plans  until  the  commander  is  satisfied  with  their 
predicted  results.  Decision  support  through  modeling  and 
simulation  can  provide  a  significant  advantage  to  the 
warfighter.  An  example  of  their  use  is  described  next. 

C.  C3ISIM:  A  CASE  STUDY 

C3ISIM  is  a  simulation  model  developed  as  a  tool  to 
study  Command,  Control,  Communications,  and  Intelligence 
related  issues  [Ref.  4] .  The  following  analysis  discusses 
the  nature  and  purpose  of  C3ISIM,  to  include  its  usage  in 
Operation  Desert  Shield/Storm,  as  well  as  an  assessment  of 
the  value  of  its  contribution  in  that  engagement. 

The  analysts  who  employed  C3ISIM  in  support  of 
Operation  Desert  Shield  initially  attempted  to  use  the  model 
to  assist  in  the  analysis  of  air  defense  networks  currently 
in  place  in  Saudi  Arabia  and  Iraq.  While  researching  and 
collecting  data  on  air  defense  equipment,  the  mission 
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changed.  As  the  air  campaign  planners  developed  their 
strategy,  the  C3ISIM  analysts  were  tasked  to  perform  a 
detailed  study  of  the  first  few  hours  of  the  attack  plan. 
This  new  task  was  added  because  of  C3ISIM's  ability  to 
simulate  both  fighter  to  fighter  engagements  and  SAM 
(Surface  to  Air  Missile)  to  fighter  engagements. 
Additionally,  it  shows  via  computer  display,  a  high 
resolution  graphic  display  of  the  simulated  battle  as  it 
unfolds.  This  unique  feature,  along  with  the  raw  attrition 
numbers  generated  by  the  program,  enabled  the  air  campaign 
planners  to  maximize  their  measure  of  force  effectiveness 
(MOFE)  ,  which  in  this  case,  was  to  minimize  attrition  of 
friendly  aircraft . 

C3ISIM  proved  to  be  a  valuable  tool  in  the  development 
of  the  Desert  Storm  Air  Campaign.  C3ISIM  enabled  planners 
to  “play”  their  campaign  plan  on  the  computer.  From  the 
simulation  they  were  able  to  perceive  potential  attrition 
“hot  spots”  as  well  as  vulnerabilities  in  the  Iraqi  air 

defense  system.  Planners  could  use  this  information  and 
tailor  their  war  plan  to  avoid  the  enemy's  strengths  and 
exploit  its  weaknesses .  As  a  decision  aid,  the  information 
generated  by  C3ISIM  may  have  saved  the  lives  and  expensive 
aircraft  of  U.S.  pilots.  Of  course,  it  must  be  understood 
that  it  was  only  one  of  many  tools  used  to  aid  in  the 
decision  making  process .  Other  analysis  methods  and  models 
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were  investigated  and  used  for  comparison.  Ultimately, 
C3ISIM  was  perceived  as  a  valid  model  by  the  users  because 
it  passed  their  “gut  check.”  Also  noteworthy  is  what  C3ISIM 

did  not  do.  It  did  not  develop  the  air  campaign,  nor  did  it 
make  the  process  any  easier  or  faster.  What  it  did  do  was 
help  the  planners  produce  a  better  overall  product.  And 
from  this  perspective,  C3ISIM  was  completely  successful. 

Models,  by  definition,  are  an  abstraction  of  reality. 
Analysts,  as  well  as  the  user  community,  must  remember  that 
a  model,  no  matter  how  detailed,  will  never  completely 
simulate  all  aspects  of  battle.  The  level  of  detail 
provided  by  C3ISIM  was  adequate  for  its  intended  use. 
However,  there  will  always  be  a  conflict  between  detail 
(realism)  and  speed  of  model  execution. 

C3ISIM  was  only  marginally  acceptable  '  in  temns  of 
timeliness.  Once  the  air  campaign  began,  C3ISIM  was  no 
longer  a  viable  tool  because  each  simulation  run  took  too 
long  to  execute.  The  C3ISIM  analysts  noted: 

The  initial  nms  we  made  covered  the  first  three  hours  of  real  time,  but 
required  almost  eight  hours  to  execute  on  the  computer.  We  were  able  to 
conduct  two  executions  per  day  at  that  rate.  The  number  of  times  we  ran 
the  model  with  different  ‘rolls-of-the-dice’  was  certainly  constrained  by 
how  quickly  we  needed  the  answer  to  the  attrition  question.  [Ref.  4] 

Like  any  other  computer  program,  its  outputs  are  only 
as  good  as  the  inputs.  At  this  time  the  air  tasking  order 
was  extremely  volatile.  Changes  to  the  air  picture  occurred 
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on  a  continual  basis.  C3ISIM  was  slow,  and  since  it  was  a 
Monte  Carlo  model,  it  required  numerous  executions,  using 
the  same  data  set,  before  trends  could  be  reliably  detected. 
Therefore,  once  the  air  plan  had  been  established  and 
started,  C3ISIM  could  not  produce  attrition  estimates  in 
time  for  the  execution  of  a  mission.  Throughout  Desert 
Storm,  the  mission  of  C3ISIM  turned  to  that  of  trying  to 
determine  the  cause  of  downed  aircraft,  rather  than 
attempting  to  predict  future  losses. 

Nonetheless,  C3ISIM  demonstrated  its  applicability  and 
suitability  as  a  decision  tool  for  combat  planners.  By 
analyzing  and  simulating  an  extremely  complex  problem, 
C3ISIM  not  only  confirmed  the  planner's  “gut  feeling,”  but 
also  provided  insights  that  may  have  otherwise  gone 
undiscovered . 

C3ISIM  is  one  of  a  number  of  complex  decision  support 
tools  available  to  a  commander.  The  compute  power  required 
to  process  these  programs  grows  unbounded  as  the  user 
demands  more  fidelity  and  realism  from  the  software.  During 
Desert  Shield,  C3ISIM  was  run  on  a  Silicon  Graphics  240GTX 
workstation.  Consider  the  advantage  that  a  network  of 
cooperative  computers  would  have  provided  if  it  had  been 
available  at  the  time.  Simulation  runs  could  have  executed 
concurrently  on  dozens  if  not  hundreds  of  powerful 
workstations.  Simulation  results  would  have  been  returned 
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in  time  for  planners  to  adjust  their  battle  plan.  Thus,  the 
usefulness  of  the  C3ISIM  model  could  have  extended  into  the 
tactical  battle  planning  process. 

D.  SUMMARY 

Decision  support  systems  and  the  explosive  growth  of 
networked  computing  have  irrevocably  changed  the  paradigm  by 
which  computers  of  all  types  are  employed.  Long  gone  are 
the  days  of  mainframe  monsters  tied  to  dumb  terminals. 
These  changes  have  affected  the  manner  in  which  the  military 
and  commercial  industries  will  employ  information  technology 
assets.  Joint  Vision  2010  requires  information  superiority 
for  success  in  battle.  Distributed  systems  are  a  key 
enabler  to  that  objective.  It  is  imperative  that  the 
Department  of  Defense  take  advantage  of  distributed 
computing,  for  our  adversaries  surely  will. 
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III.  MANAGEMENT  SYSTEM  FOR  HETEROGENEOUS  NETWORKS  (MSHN) 


A.  PURPOSE 

Modern  computer  networks  have  grown  in  size  and 
complexity  as  fast  as  the  technology  will  allow.  They  also 
span  greater  distances  and  include  machines  of  varying 
types.  This  expansion  has  resulted  in  the  need  to 
effectively  manage  large  heterogeneous  computer  networks,  to 
deliver  good  performance  to  all  users,  regardless  of  their 
individual  measure  of  quality  of  service.  In  response  to 
this  need,  a  team  of  computer  science  experts,  funded  by  the 
Defense  Advanced  Research  Projects  Agency  (DARPA) ,  is 
currently  developing  a  resource  management  system  named 
MSHNi. 

The  goal  of  MSHN  is  to  provide  a  computing  environment 
that  delivers  each  user's  specified  quality  of  service, 
subject  to  the  available  resources,  the  user's  individual 
priorities,  and  the  preference  of  each  user  for  different 
forms  of  the  requested  data.  Given  a  set  of  jobs,  MSHN  will 
determine  where  and  when  to  run  each  job.  MSHN  evolved  from 
SmartNet,  which  was  a  heterogeneous  framework  for  minimizing 
the  time  at  which  the  last  job  of  a  set  of  computationally 
intensive  jobs  finishes  on  a  suite  of  heterogeneous 

^  Pronounced  “mission”. 
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computing  resources  [Ref.  5]  .  SmartNet  treats  the  set  of 
compute  resources  available  as  one  virtual  heterogeneous 
machine  (VHM) .  SmartNet  achieves  superior  performance  by 
(j0termining  scheduling  solutions  based  upon  knowledge  of  the 
VHM  and  job  characteristics.  MSHN  differs  from  SmartNet  in 
several  ways:  (1)  it  strives  to  support  Input/Output 

ijitensive  and  real-time  jobs  in  addition  to  compute¬ 
intensive  jobs;  (2)  it  accounts  for  the  fact  that  many 
different  resources  may  be  needed,  not  just  a  central 
processing  unit,  to  execute  a  job;  and  (3)  it  manages 
adaptive  applications. 

One  of  the  key  improvements  of  MSHN  over  traditional 
resource  management  systems  is  that  MSHN  is  intended  to 
support  adaptive  applications.  Adaptive  applications  are 
those  which  can  produce  results  using  either  a  variety  of 
algorithms  or  in  a  variety  of  forms.  MSHN  uses  knowledge  of 
these  various  forms  to  choose  the  appropriate  one  for  the 
given  operating  environment .  MSHN  is  intended  to  help 
achieve  the  goals  set  forth  in  Joint  Vision  2010,  and  C4I 
For  The  Warrior,  by  allowing  a  commander  to  maximize  the 
utility  of  his  computer  network,  particularly  in  a  volatile 
wartime  environment- 

In  addition  to  improving  the  performance  of  other 
applications,  MSHN  is  intended  to  expand  the  usefulness  of 
compute  intensive,  batch  processed  jobs  such  as  C3ISIM.  Had 
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MSHN  been  available  during  the  Gulf  War,  it  may  have  been 
possible  to  use  CSISIM's  simulation  results  throughout  the 
air  campaign,  as  opposed  to  only  prior  to  the  start  of  the 
battle. 

B.  MSHN  PROPOSED  ARCHITECTURE 

The  MSHN  architecture  is  still  under  development.  The 
description  that  follows  is  based  upon  the  architecture 
design  as  of  April  30,  1998.  While  the  ultimate  MSHN 

architecture  may  differ  slightly,  the  main  components  and 
concepts  are  expected  to  remain  unchanged. 

MSHN  will  consist  of  a  client-server  architecture.  It 
will  be  composed  of  at  least  the  following  components: 

■  Client  Library 

■  Scheduling  Server 

■  Resource  Requirement  Database 

■  Resource  Status  Server 

An  abstract  description  of  each  of  the  components  is 
provided  below,  and  portrayed  in  Figure  2 .  Although  these 
components  are  shown  together,  they  may  in  fact  reside  on 
separate  machines.  There  will  usually  be  many  different 
client  applications,  linked  with  the  client  libraries 
running  at  any  given  time.  Additionally,  it  is  conceivable 
that  some  of  the  components  may  be  replicated. 
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1. 


Client  Library 


The  client  library  is  linked  with  both  adaptive  and 
non-adaptive  applications.  It  provides  a  transparent 
interface  to  all  of  the  MSHN  services  [Ref.  6]  .  The  client 
library  performs  several  functions.  It  intercepts  system 
calls  to  (1)  monitor  end-to-end  performance,  (2)  record 
resource  requirements,  and  (3)  forward  requests  to  start 
another  process,  when  appropriate,  to  the  Scheduling  Server. 
It  forwards  the  end-to-end  performance  measurements  to  the 
Resource  Status  Server,  and  the  recorded  resource 
requirements  to  the  Resource  Requirements  Database.  The 
final  implementation  of  MSHN  may  forward  the  performance 
measurements  and  resource  requirements  through  a  local 
proxy.  Finally,  it  will  also  intercept  calls  from  the 
Scheduling  Server  which  indicate  that  a  different  form  of 
the  application,  other  than  the  one  that  is  currently 
running,  should  be  executed. 

2 .  Scheduling  Server 

The  Scheduling  Server  performs  the  highly  complex  task 
of  scheduling  multiple  jobs,  from  multiple  users,  onto  one 
(or  several)  computers  from  a  pool  of  heterogeneous 
computing  platforms.  The  sophisticated  algorithms  that  the 
Scheduling  Server  will  use  to  make  decisions  is  beyond  the 
scope  of  this  thesis.  However,  it  is  essential  to  know  the 
interfaces  presented  by  the  Scheduling  Server. 


18 


The  Scheduling  Server  will  accept  scheduling  requests 
from  the  client  libraries.  The  Scheduling  Server  will  query 
both  the  Resource  Status  Server  and  the  Resource 
Requirements  Database.  These  queries  will  respond  with  near 
real  time  information  on  the  status  (load)  of  the  VHM,  and 
the  resource  requirements  of  the  application.  Once  this 
information  is  obtained,  the  Scheduling  Server  can  calculate 
a  mixture  of  computing  and  network  resources  which  will, 
with  high  probability,  deliver  the  requested  quality  of 
seirvice . 

Additionally,  in  the  event  of  a  significant  deviation 
from  the  initial  resource  status  estimate,  the  Scheduling 
Server  will  receive  notification  from  the  Resource  Status 
Server.  For  example,  if  a  communications  path  is  severed, 
or  a  machine  fails,  the  Scheduling  Server  will  be  notified 
and  can  recalculate  a  new  scheduling  solution  for  the 
affected  applications.  The  Scheduling  Server  may  then 
signal  the  client  librai:y  and  advise  it  to  compute  using  a 
different  algorithm,  or  perhaps  recommend  that  it  shift 
execution  to  a  different  computing  resource. 

3 .  Resource  Requirements  Database 

The  Resource  Requirements  Database  is  a  repository  of 
information  pertaining  to  the  execution  of  user 
applications.  A  job  consists  of  the  code  and  data  required 
to  execute  a  user's  application.  The  database  records 
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statistics  on  the  run  time  characteristics  of  jobs,  such  as 
CPU,  memory,  and  disk  usage.  The  Resource  Requirements 
Database  provides  this  information  to  the  Scheduling  Server 
as  requested.  It  is  updated  by  the  client  libraries. 

4.  Resource  Status  Server 

The  purpose  of  the  Resource  Status  Server  is  to 
maintain  a  highly  dynamic  database  of  estimated  loads  on  the 
various  resources  of  the  VHM  [Ref.  6]  .  The  Scheduling 
Server  will  query  the  Resource  Status  Server  to  obtain  an 
initial  estimate  of  the  load  on  various  compute  resources. 
After  making  a  scheduling  decision,  the  Scheduling  Server 
will  notify  the  Resource  Status  Server  of  the  additional 
loads  that  it  expects  the  client  application  to  place  on  the 
compute  resources . 

Also,  during  the  execution  of  an  application,  the 
Resource  Status  Server  will  be  updated  periodically  with 
statistics  regarding  the  computing  and  networking  resources 
in  use  by  the  client  libraries . 
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C.  SUMMARY 

MSHN  is  a  tool  currently  under  development.  Its 
purpose  is  to  manage  (adaptive)  jobs  in  a  heterogeneous 
environment,  so  that  the  system  delivers  good  quality  of 
service.  Given  the  conceptual  description  from  above,  we 
shall  now  turn  our  attention  towards  the  security  aspects  of 
MSHN. 
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IV.  ESSENTIALS  OF  SECURE  SYSTEMS 


A.  THE  GOLDEN  TRIANGLE  OF  INFORMATION  SECURITY 

Clearly,  no  computer  system  is  100%  secure.  There  will 
always  be  some  level  of  risk  associated  with  the  use  of  such 
a  system.  Therefore,  it  is  more  appropriate  to  describe  the 
level  of  trust  you  have  in  that  system,  rather  than  calling 

it  secure.  Trust,  in  this  context,  refers  to  the  degree  to 

which  you  believe  the  computing  system  will  behave  in  the 
manner  it  was  designed  to  behave.  In  other  words,  we  expect 
the  computing  system  to  enforce  a  security  policy. 
Information  security  is  commonly  viewed  as  a  combination  of 
the  following  features: 

1.  Secrecy: 

Secrecy  is  defined  as  the  protection  of  information 
from  unauthorized  disclosure. 

2.  Integrity: 

Integrity  is  defined  as  the  protection  of  information 
from  modification  or  deletion. 

3.  Availability: 

Availability  is  defined  as  the  protection  from  denial 
of  service  attacks . 
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B.  BUILDING  A  TRUSTED  COMPUTER  SYSTEM 

The  Department  of  Defense  Trusted  Computer  System 
Evaluation  Criteria  (TCSEC)  [Ref.  7]  describes  the 
techniques  that  should  be  considered  when  developing  a 
trusted  computing  system.  The  TCSEC  has  three  control 
objectives : 

1.  Security  Policy 

A  security  policy  is  a  statement  of  intent  with  regard 
to  control  over  access  to  and  dissemination  of  information. 
It  must  be  precisely  defined  and  implemented  for  each  system 
that  is  used  to  process  sensitive  information.  Two  common 
policies  are  the  Mandatory  Policy  and  the  Discretionary 

Policy. 

A  mandatory  policy  is  one  where  the  computer  system 
enforces  access  control.  One  common  implementation  of 
mandatory  policy  uses  a  set  of  ordered  labels  that  have  been 
assigned  to  each  data  container  and  user.  Access  control 
decisions  are  determined  by  the  relationship  between  the 
user's  label  and  the  container's  label  in  the  label 
hierarchy.  Mandatory  policies  are  often  found  in  military 
applications,  where  users  are  assigned  security  clearances, 
and  data  are  marked  with  a  security  classification.  Only 
those  users  with  a  clearance  equal  to  or  higher  than  the 
data's  classification  label  are  permitted  access. 
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Conversely,  a  discretionary  policy  allows  the  users  of 
the  computer  system  to  decide  who  should  receive  access  to 
the  information  they  control,  and  the  system  enforces  those 
access  control  decisions. 

2.  Accountability 

The  second  basic  control  objective  addresses  one  of  the 
fundamental  principles  of  security:  individual 

accountability .  Individual  accountability  is  the  key  to 

securing  and  controlling  any  system  that  processes 

information  on  behalf  of  individuals  or  groups  of 

individuals.  Accountability  is  supported  by  the  following 
security  mechanisms : 

a)  Identification 

Each  individual  user  of  a  system,  whether  they  are 
an  actual  person  or  a  process  running  on  behalf  of  a  user, 
must  identify  itself  before  obtaining  access  to  the 

resources  of  the  computer  system. 

b)  Authentication 

Authentication  is  the  process  of  binding  the 

identity  of  a  user  to  who  they  say  they  are.  Identification 
and  authentication  work  together,  and  are  often  called  I&A. 
A  trusted  computer  system  must  have  irrefutable  proof  that 
an  identified  user  is  legitimate,  and  not  an  impostor. 
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Once  I&A  has  been  established,  then  the  trusted 
computer  system  can  provide  authorization  control.  In  most 
computer  systems,  users  may  have  differing  access 
requirements  depending  on  their  role  in  the  organization. 
Some  users  may  require  access  to  certain  sensitive 
information  that  should  not  be  revealed  to  other  users.  The 
administrator  of  such  a  system  needs  the  ability  to  decide 
what  level  of  access  to  bestow  upon  an  authenticated  user. 
Note  that  for  this  feature,  granularity  is  an  important 
attribute.  Some  applications  may  require  access  control  per 
individual  user,  while  others  may  wish  to  grant  access  to  an 
entire  group  of  users. 

c )  Audi t 

A  trusted  computer  system  should  provide  an  audit 
capability.  Thus,  if  an  anomaly  or  a  breach  should  occur, 
the  audit  trail  could  assist  developers  and  administrators 
in  their  efforts  to  isolate  and  remedy  the  problem. 
Additionally,  this  feature  can  help  investigators  assess  the 
extent  of  damage  that  may  have  occurred,  and  decide  on  an 
appropriate  course  of  action. 

Note  that  while  auditing  cannot  prevent  attacks, 
it  does  provide  a  psychological  deterrence  to  insider  crime. 
If  a  valid  user  knows  that  his  actions  are  being  recorded, 
he  may  be  less  likely  to  attempt  an  illegal  action,  even 
though  the  system  might  allow  him  to  do  so.  Auditing  is 
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extremely  valuable  as  a  tool  for  alerting  appropriate 
personnel,  recording  the  extent  of  a  breach,  and  assisting 
in  the  eventual  repair  of  security  events. 

3 .  Assurance 

The  third  basic  control  objective  is  concerned  with 
guaranteeing  or  providing  confidence  that  the  security 
policy  has  been  implemented  correctly  and  that  protection 
relevant  elements  of  the  system  do  indeed  accurately  mediate 
and  enforce  the  intent  of  that  policy.  By  extension, 
assurance  must  include  a  guarantee  that  the  trusted  portion 
of  the  system  works  only  as  intended.  To  accomplish  these 
objectives,  two  forms  of  assurance  are  required: 

a.)  Life-Cycle  Assurance 

Life  cycle  assurance  refers  to  the  steps  taken  by 
an  organization  to  insure  that  the  system  is  designed, 
developed,  and  maintained  using  formalized  and  rigorous 
control  and  standards  [Ref.  7] . 

b)  Operational  Assurance 

Operational  assurance  focuses  on  the  features  and 
system  architecture  used  to  insure  that  the  security  policy 
is  uncircumventably  enforced  during  system  operation  [Ref. 
7]  . 
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C.  REFERENCE  MONITOR  CONCEPT 

An  abstract  model  of  the  operation  of  security 
mechanisms  was  proposed  by  James  P.  Anderson  in  1972.  His 
idea  was  called  the  Reference  Monitor  Concept  [Ref.  8]  . 
Figure  3  depicts  the  Reference  Monitor  Concept . 


Figure  3  Reference  Monitor  Concept 

The  Reference  Monitor  Concept  provides  a  theoretical 
framework  for  the  design  and  implementation  of  security 
mechanisms  which  will  enforce  a  particular  security  policy. 
The  reference  monitor  allows  active  entities,  called 
Subjects,  to  make  reference  to  passive  entities,  called 

Objects,  based  on  a  set  of  current  access  authorizations. 

Subjects,  such  as  users,  and  processes,  cause  information  to 
flow  among  objects,  or  change  the  state  of  the  system. 
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Objects,  such  as  files,  displays,  and  printers,  are  entities 
that  contain  or  receive  information. 

The  heart  of  the  Reference  Monitor  is  the  Reference 
Validation  Mechanism  (RVM) .  The  RVM  arbitrates  access 
requests .  When  the  RVM  receives  a  request  for  access  from  a 
subject,  the  RVM  consults  the  authorization  database.  If 
the  authorization  database  contains  permission  for  the  given 
s\ibject /object  pair,  then  access  is  granted,  and  the  current 
authorization  database  is  updated  along  with  appropriate 
entries  into  the  audit  trail. 

Any  actual  implementation  of  a  reference  monitor  must 
satisfy  three  design  requirements  [Ref.  8] : 

■  Completeness:  the  reference  monitor  must  be  invoked 
upon  every  reference  by  a  subject  to  an  object, 

■  Isolation:  the  reference  monitor  and  its  database 

must  be  protected  from  unauthorized  alteration,  and 

■  Verifiability:  the  reference  monitor  must  be 

relatively  compact,  organized,  simple,  and 
understandable  so  that  it  can  be  completely 
analyzed,  tested  and  verified  to  perform  its 
functions  properly. 

In  practice,  it  is  extremely  difficult  to  produce  an 
implementation  of  a  reference  monitor  that  fulfills  these 
requirements.  Software  flaws  will  exist  in  all  but  the  most 
carefully  analyzed  programs .  Sophisticated  software 
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engineering  techniques  and  configuration  control  can 
certainly  assist  in  the  development  of  a  high  quality 
product,  but  they  do  not  provide  100%  assurance. 
Nonetheless,  the  reference  monitor  concept  remains  as  an 
ideal,  theoretical  basis  for  the  design  of  trusted  systems. 

D.  SECURITY  MECHANISMS 

1.  Identification  and  Authentication 

Identification  and  authentication  is  a  first  step 
towards  controlling  access  to  information.  It  is  a  two-step 
process  where  the  user  first  tells  the  system  who  they  are, 
followed  by  proof  to  the  system  that  who  they  say  they  are 
is  in  fact  who  they  are.  I&A  mechanisms  generally  rely  on 
one  or  more  of  the  following  three  items: 

■  Something  the  user  knows :  the  most  common  form  of 

this  technique  is  the  use  of  a  password, 

■  Something  the  user  has:  smart  cards,  tokens  or 

identification  badges  are  forms  of  something  the 
user  may  have,  and 

■  Something  the  user  is:  physical  properties  of  the 

user '  s  anatomy  are  examples  of  something  he  or  she 
is.  Finger  prints,  retinal  scans,  voice  recognition 
and  many  other  techniques  are  available  to  prove 
identity  with  a  reasonable  degree  of  assurance. 


30 


2 .  Cryptography 

Cryptography  is  the  science  and  art  of  secret  writing  - 
keeping  information  secret  [Ref,  9] .  Most  people  are  aware 
of  cryptography  as  a  means  for  scrambling  a  message  such 
that  it  can  only  be  read  by  the  holder  of  some  secret  code, 
however,  confidentiality  is  only  one  of  many  services  that 
cryptography  can  provide.  Cryptography  is  an  essential  part 
of  modern  secure  systems  because  of  its  ability  to  provide 
the  following  communications  security  services: 

■  Secrecy:  protection  against  unauthorized 

disclosure, 

■  Authentication:  undisputable  proof  of  the 

originator  of  a  message, 

■  Integrity:  detection  of  unauthorized  modification 

or  deletion  of  a  single  bit  of  a  message,  and 

■  Nonrepudiation:  undisputable  proof  of  a 

transaction,  such  that  neither  party  involved  can 
deny  the  transaction  after  the  fact . 

Cryptography  is  implemented  via  encryption  algorithms. 
Encryption  Algorithms  are  mathematical  functions  that 
scramble  data.  There  are  numerous  algorithms  available. 
They  can  be  divided  into  two  categories:  [Ref.  9] 

■  Symmetric  Key  Algorithms,  and 

■  Asymmetric  Key  Algorithms . 
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a)  Symmetric  Key  technology 

Symmetric  key  ciphers  use  an  algorithm  for 
encryption  and  decryption  with  the  same  key  (see  Figure  4) . 
Therefore,  symmetric  key  schemes  required  that  both  the 
sender  (User  A)  and  receiver  (User  B)  possess  the  same  key 
in  order  to  communicate  in  a  secure  manner .  The 
confidentiality  and  authenticity  of  their  data  relies  on  the 
security  of  the  key  and  the  strength  of  the  encryption 
algorithm  employed. 


Figure  4  Symmetric  Key  Cryptography 

Symmetric  key  systems  require  a  trusted  source  for 
the  generation  and  distribution  of  keys.  The  difficulty  of 
symmetric  key  technology  is  the  distribution  process.  Since 
the  basis  for  trust  lies  in  the  secrecy  of  the  keys,  keys 
cannot  be  sent  via  unsecure  means. 
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Key  management  in  a  symmetric  system  can  be  a  non¬ 
trivial  problem.  Consider  the  fact  that  for  each  pair  of 
users  in  an  organization,  there  must  exist  a  unique  key. 
The  total  number  of  keys  required  can  be  calculated  by  the 
following  formula: 

N  =  [U  *  (U  -  1)  ]  /2 

where  N  =  Total  number  of  unique  keys,  and  U  = 
number  of  unique  users.  Thus,  if  there  are  100  users  in  an 
organization  who  wish  to  securely  communicate  encrypted 
messages,  a  total  of  [100  *  (100-1) ]/2  =  4950  keys  would  be 
required.  Clearly,  key  management  can  get  out  of  hand 
quickly,  even  in  a  small  organization. 


b)  Asymmetric  Key  Technology 

Cryptographic  algorithms  where  one  key  is  used  to 
encrypt  and  a  second  key  is  used  to  decrypt  are  called 
asymmetric  algorithms  (see  Figure  5) . 
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Figure  5  Asymmetric  Key  Cryptography 
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Asymmetric  key  systems  offer  significant 
advantages  over  symmetric  systems  when  it  comes  to 
management  and  distribution  of  keys. 

Public /Private  key  cryptography  is  a  family  of 
asymmetric  key  algorithms  that  offers  several  unique,  and 
highly  useful  properties.  The  public/private  key  pairs 
(PPK)  are  generated  such  that  when  one  key  is  used  to 
encrypt,  the  other  is  used  to  decrypt.  The  user’s  public 
key  is  freely  published  for  anyone  to  use,  while  the  private 

key  is  kept  secret.  [Ref.  9] 

Public  key  technology  can  be  used  to  implement 
several  important  security  mechanisms:  confidentiality, 
authenticity,  integrity  and  non-repudiation.  To  transmit  a 
secret  message  from  User  A  to  User  B,  User  A  would  encrypt 
the  message  using  User  B's  public  key.  The  only  person  who 
could  decsrypt  the  message  would  be  the  holder  of  User  B's 
private  key,  which  presumably.  User  B  has  kept  securely  to 
himself.  User  B  can  decrypt  the  message,  but  how  does  he 
know  it  came  from  User  A?  Anyone  could  create  a  message  and 
encrypt  it  with  User  B's  public  key.  This  problem  is  solved 
by  digital  signatures,  which  are  described  later  in  this 
chapter . 

Asymmetric  key  systems  offer  a  significant 
advantage  over  symmetric  systems  in  terms  of  key 
distribution.  Since  private  keys  remain  secured  with  the 
originator,  there  is  no  need  for  a  pre-planned  secured 
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communications  path  or  courier  system  to  deliver  keys. 
Public  keys  can  be  transmitted  via  electronic  mail,  posted 
on  a  web  page,  obtained  via  voice  telephone  call,  or  any 
other  means,  without  regard  to  compromise. 

The  management  of  keys  in  an  asymmetric  system  is 
much  simpler  than  in  a  symmetric  system  due  to  the  reduced 
number  of  keys  required.  For  each  user  in  the  system,  there 
are  only  two  keys  that  need  to  be  managed;  the  user's  public 
and  private  key  pair.  Referring  back  to  the  previous 
example,  in  an  organization  of  100  symmetric  key  users,  a 
total  of  4950  keys  were  required.  The  same  organization 
using  asymmetric  keys  would  require  only  200  keys.  This 
promises  a  significant  workload  reduction  in  terms  of 
administrative  costs.  Public  key  systems  are  scalable. 
They  easily  expand  with  the  growth  of  the  enterprise. 

Public  key  technology  offers  a  wide  range  of 
advantages  over  symmetric  techniques,  however,  it  is  not 
without  its  drawbacks.  One  significant  disadvantage  stems 
from  the  fact  that  the  encryption  and  decryption  algorithms 
are  significantly  slower.  Consider  the  following  comparison 
of  two  of  the  most  popular  cryptographic  algorithms.  Data 
Encryption  Standard  (DES) ,  a  symmetric  algorithm,  and  the 
Rivest,  Shamir  and  Adleman  (RSA)  Cryptosystem,  a  public  key 
algorithm. 

The  most  efficient  current  hardware 
implementations  of  RSA  achieve  encryption  rates  of  about  600 
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Kilobits  per  second,  as  compared  to  1  Gigabit  per  second  for 
DES.  Stated  another  way,  RSA  is  roughly  1500  times  slower 
than  DES.  [Ref.  10] 

Even  more  important,  the  use  of  public  keys 
requires  an  infrastructure  designed  to  satisfy  the  following 
questions : 

■  How  do  I  obtain  someone's  public  key,  and 

■  How  do  I  know  keys  are  valid? 

Obtaining  another  user's  public  key  may  be  as 
simple  as  placing  a  telephone  call  to  the  user  and 
transmitting  the  key  verbally.  This  simple  solution  might 
not  always  be  practical.  Another  alternative  is  to  post 
public  keys  on  a  web  site  that  is  open  to  anyone  who  might 
need  your  key. 

The  Consultative  Committee  for  International 
Telegraphy  and  Telephony  (CCITT)  recommendation  X.500  is  a 
series  of  recommendations  that  define  a  directory  service 
[Ref.  11]  .  The  directory  provides  a  means  for  mapping  users 
to  their  ptablic  keys.  Lightweight  Directory  Access  Protocol 
(LDAP)  is  another  example  of  an  automated  means  for 
obtaining  public  keys. 

Once  the  user  has  obtained  the  required  public 
key,  he  or  she  must  be  assured  that  is  legitimate,  and  not  a 
forgery.  Authentication  of  public  keys  is  performed  by 
electronically  wrapping  the  key  and  other  user  data  in  a 
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certificate.  The  certificate  is  electronically  signed  by  a 
trusted  third  party.  This  signature  guarantees  the 
authenticity  of  the  certificate,  much  as  a  notary  public 
performs  the  same  function  on  paper  documents. 

c)  Digital  Signatures 

A  digital  signature  is  a  block  of  data  that  was 
created  through  the  use  of  a  cryptographic  signing 
algorithm.  The  algorithm  is  applied  to  some  input  data 
using  a  private  key.  Digital  signatures  can  be  used  for  the 
following  purposes : 

■  Authenticating  the  originator  of  a  message  or 
process,  and 

■  Verifying  the  integrity  of  a  message  since  it  was 
signed  by  the  originator. 

Digital  signatures  provide  authentication  by 
virtue  of  the  extreme  computational  difficulty  of  decrypting 
a  signed  message  without  the  proper  public  key.  The 
successful  decryption  of  a  digitally  signed  message  with  a 
public  key  virtually  guarantees  the  message  was  signed  by 
the  holder  of  the  corresponding  private  key. 

Integrity  of  messages  can  be  guaranteed  by 
combining  digital  signatures  with  message  digests .  A 
message  digest,  or  hash,  is  a  small  piece  of  data  that  is 
generated  by  processing  the  message  through  a  hashing 
algorithm.  A  hashing  algorithm  uses  a  sophisticated 
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mathematical  routine  to  produce  a  message  digest  that  is 
extremely  difficult  to  reverse.  That  is,  given  the  hash,  it 
is  almost  impossible  to  determine  the  message  that  was  used 
to  create  it  (there  would  be  many) . 

Additionally,  the  hashing  function  is  designed 
such  that  any  change  in  the  message  will  produce  a 
completely  different  message  digest.  Therefore,  if  the 
originator  of  a  message  creates  a  message  hash  and  signs  it, 
the  receiver  of  the  message  can  verify  the  integrity  of  the 
message  by  recalculating  the  hash  and  comparing  it  with  the 
one  sent  with  the  message.  If  they  agree,  then  receiver  can 
be  reasonably  certain  that  the  message  arrived  without  the 
change  of  a  single  bit. 

Hashing  algorithms  and  message  digests  suffer  from 
a  phenomenon  known  as  collisions .  The  strength  of  a  message 

digest  is  limited  by  the  number  of  bits  used  to  compose  the 
hash.  Normally,  a  message  digest  is  small,  perhaps  several 
bytes,  compared  to  the  input  message  from  which  the  hash  was 
derived  that  may  be  several  kilobytes  to  megabytes. 
Clearly,  since  there  are  more  combinations  for  possible 
messages  than  there  are  for  corresponding  message  digests, 
there  will  exist  a  number  of  messages  that,  when  hashed, 
produce  exactly  the  same  message  digest.  This  is  a 
collision.  The  possibility  of  a  collision  implies  that  a 
person  with  sufficient  computing  resources  and  time  can 
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generate  a  bogus  message  that  produces  the  same  hash  as  an 
authentic  message,  and  therefore,  break  the  integrity  of 
your  message.  Thus,  collisions  and  their  risks  should  be 
considered  when  choosing  a  hash  size  and  algorithm. 

d)  Digital  Certificates 

A  digital  certificate  is  an  unforgeable  binding 
between  some  user  (person  or  process)  to  a  public  key  in  a 
particular  domain  as  attested  to  by  the  digital  signature  of 
the  owner  of  the  certificate  domain.  Certificates  can 
attest  to  the  identity  of  the  certificate  holder  and  may 
include  a  set  of  authorized  actions  the  holder  may  perform. 
CCITT  recommendation  X.509  defines  a  standard  format  for  the 
content  of  certificates  [Ref.  11]  . 

The  owner  or  creator  of  a  certificate  domain  is 
known  as  the  certificate  authority  (CA) .  The  digital 
signature  placed  upon  a  certificate  by  the  CA  forms  the 
basis  for  trust  in  a  Public  Key  Infrastructure  (PKI)  system. 
The  community  of  trusted  certificates  can  be  expanded  by 
cross  certification.  When  two  or  more  CA's  agree  to  trust 
each  other's  certificates,  users  can  infer  trust  based  upon 
this  relationship  (see  Figure  6) . 
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Figure  6  Cross  Certification 


Cross  certification  allows  for  the  development  of 
an  expandable,  hierarchical  certificate  authority  structure. 
This  infrastructure  is  essential  to  the  success  of  public 
key  technology.  However,  certificate  authorities  have 
another  important  job  aside  from  the  creation  of 
certificates.  What  happens  when  a  certificate  is  no  longer 
valid?  The  revocation  of  certificates  is  a  serious  issue. 

Certificate  revocation  can  be  handled  in  a  number 
of  ways.  Usually,  when  a  certificate  is  created  it  will 
include  a  field  to  indicate  the  expiration  date  of  the 
certificate.  The  user  of  the  certificate  can  check  the 
expiration  date  prior  to  allowing  any  transaction,  much  the 
same  way  a  credit  card  is  checked  for  expiration  before  a 
purchase  is  committed. 
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There  may  be  cases  when  a  certificate  authority 
wishes  to  revoke  a  certificate  prior  to  its  expiration  date. 
For  example,  consider  an  employee  who  is  terminated  for 
cause.  While  the  former  employee's  certificate  is  still 
within  the  validity  date,  the  employee  maintains  the  ability 
to  identify  himself  as  a  member  of  the  firm.  This  positive 
identity  may  grant  him  access  to  confidential  data. 
Clearly,  the  firm  would  have  the  need  to  revoke  the 
certificate  immediately.  Certificate  Revocation  Lists 
(CRLs)  were  developed  for  this  purpose.  A  CRL,  as  the  name 
implies,  is  a  listing  of  certificates  that  are  no  longer 
valid.  Now  when  a  user  wishes  to  check  the  validity  of  a 
certificate,  they  must  check  the  digital  signature  of  the 
signer  as  well  as  the  revocation  list.  Provided  that  both 
tests  pass,  the  user  can  be  assured  that  the  certificate  is 
legitimate . 

E.  SUMMARY 

Building  a  secure  computing  system  is  no  trivial 
affair.  A  great  deal  of  research  has  gone  in  to  the 
development  of  sound  security  principles  and  mechanisms. 
Chapter  V  describes  a  commercial  off-the-shelf  product  that 
implements  security  mechanisms . 
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V. 


COMMON  DATA  SECURITY  ARCHITECTURE 


In  early  1995,  Intel  Corporation  recognized  the  need 
and  corresponding  opportunity  for  a  security  infrastructure 
that  was  open,  interoperable,  and  applicable  across  multiple 
computing  platforms.  The  initial  idea  was  to  provide 
personal  computers  with  a  basic  infrastructure  so  that  the 
essential  ingredients  for  a  security  solution  were 
available.  As  a  result  of  their  research  and  development, 
Intel  published  a  specification  called  the  Common  Data 

Security  Architecture  (CDSA)  [Ref.  12]. 

Intel  based  their  architecture  upon  a  number  of 
fundamental  assumptions.  These  assumptions  include  design 
characteristics,  and  trust  relationships. 

In  order  to  achieve  their  goal  of  interoperability  and 
extensibility,  the  architecture  was  designed  from  the  start 
to  be  built  in  a  series  of  layers.  Each  layer  is  designed 
to  provide  services  to  the  layer  above  it .  The  layered 
approach  is  modular,  adaptable,  and  portable.  Each  of  these 
features  is  highly  desirable  in  any  industrial -strength 
software  engineering  project. 

Intel  makes  broad  claims  regarding  the  security  of  CDSA 
[Ref.  12].  Nonetheless,  the  security  provided  by  CDSA  is 
limited  by  the  protection  provided  by  the  underlying 
operating  system.  Since  cryptography  forms  the  heart  of 
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CDSA  protection,  the  protection  of  keys  and  methods  on  each 
host  becomes  a  critical  aspect  of  security.  If  these  keys 
are  subject  to  unauthorized  modification  or  disclosure,  the 
application  executing  on  top  of  CDSA  is  compromised.  Thus, 
we  see  that  unless  carefully  integrated  into  a  high 
assurance  platform,  CDSA  protection  will  only  deter 
attackers  with  limited  resources.  The  premise  of  our  work 
is  that  CDSA  may,  in  fact,  be  integrated  into  a  platform 
having  a  level  of  assurance  commensurate  with  the  data. 

Another  architectural  assumption  that  bears  discussion 
is  the  representation  of  trust  relationships .  CDSA  relies 
on  digital  certificates  as  the  basis  for  identification  and 
authentication  functions.  Certificates  may  also  carry 
authorization  information.  CDSA  does  not  mandate  trust 
relationships  or  security  policies,  but  it  does  allow 
applications  to  enforce  them  using  its  services. 

CDSA  defines  the  infrastructure  for  a  comprehensive  set 
of  security  services.  The  CDSA  consists  of  three  basic 
layers  (see  Figure  7) : 

■  A  set  of  system  security  services, 

■  The  Common  Security  Services  Manager  (CSSM) ,  and 

■  Add-in  Security  Modules. 


44 


The  layered  design  of  the  architecture  allows  for 
extensibility  of  security  mechanisms  as  future  enhancements 
become  available.  In  addition  to  the  vertical  layers,  the 
security  modules  are  horizontally  divided  by  function. 
Each  of  these  layers  is  described  in  detail  in  the  following 
paragraphs . 
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Figure  7  Conmon  Data  Security  Architecture  [Ref.  12] 


A.  SYSTEM  SECURITY  SERVICES 

Sophisticated  security  protocols,  based  on  the  Common 
Security  Services  Manager  and  its  add-in  modules,  may  be 
defined  and  implemented  at  the  system  security  services 
architectural  layer.  CDSA  documents  claim  that  the 
following  services  can  be  provided:  [Ref.  12] 

■  Secure  and  private  file  systems, 

■  Protocols  for  secure  electronic  commerce. 


■  Protocols  for  private  communications, 

■  Multi-language  access  to  the  CSSM  API,  and 

■  CSSM  management  tools. 

Examples  of  these  protocols  may  include  Pretty  Good 
Privacy  (PGP)  [Ref.  13],  Secure  Electronic  Transaction  (SET) 
[Ref.  14],  Secure  Sockets  Layer  (SSL)  [Ref.  15],  and  Secure 
Multipurpose  Internet  Mail  Extensions  (S/MIME)  [Ref.  16]  . 
These  protocols  support  secure  file  systems,  secure 
electronic  commerce,  secure  network  communications,  and 
secure  electronic  mail,  respectively.  An  example  of  multi¬ 
language  support  is  the  CSSM- Java  API,  which  allows  Java 
developers  the  capability  to  include  CSSM  functions  in  their 
applications.  CSSM  management  tools  may  include 

installation  and  configuration  utilities. 

B.  COMMON  SECURITY  SERVICES  MANAGER  (CSSM) 

The  main  infrastructure  component  of  CDSA  is  the  Common 
Security  Services  Manager.  The  CSSM  integrates  the  security 
functions  required  by  applications  programs.  From  the 
application  developer's  point  of  view,  this  is  a  great  idea, 
because  it  facilitates  the  design  and  implementation  of  the 
final  product.  It  allows  the  developer  to  concentrate  on 
his  primary  mission,  i.e. ,  producing  an  application  program, 
rather  than  the  low  level  details  of  complex  cryptographic 
algorithms.  The  CSSM  services  are  organized  into  the 
following  categories : 
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■  CSSM  Security  API, 

■  CSSM  Core  Services,  and 

■  Module  Managers . 

The  services  provided  are  shown  below  in  Figure  8 . 


Figure  8  CSSM  Services  [Ref.  12] 


1.  CSSM  Security  API 

The  CSSM  Security  API  is  the  defined  interface  through 
which  application  programs  access  security  services.  The 
API  includes  hundreds  of  function  definitions  related  to 
security.  Applications  may  request  security  services 

directly  through  the  CSSM  Security  API  or  indirectly  via 
layered  security  services  and  tools  implemented  over  the 
CSSM  API.  In  addition,  the  API  provides  a  means  for 
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accessing  service -provider,  module-specific  mechanisms  via 
pass-through  functions . 

2 .  CSSM  Core  Services 

Services  that  pertain  to  the  installation  and 
management  of  the  CSSM  are  Core  Services.  These  services 

are  implemented  by  the  CSSM,  not  by  add-in  modules.  The 
four  Core  Service  categories  are  described  below. 

a)  Security  Context  Management 

A  security  context  is  a  run-time  data  structure 
that  contains  the  security  related  parameters  required  to 
execute  a  cryptographic  function.  In  order  to  perform 
cryptography,  applications  programs  must  gather  numerous 
attributes,  such  as  algorithm  identifiers  and  key  sizes. 
These  attributes  are  aggregated  by  a  call  to  a  security 
context  creation  function.  A  handle  to  the  new  security 
context  is  returned  to  the  application.  The  application  may 
use  the  context  handle  as  an  input  to  a  cryptographic 
function  along  with  the  data  to  be  operated  upon. 

Security  context  management  functions  handle  the 
creation  and  deletion  of  contexts.  The  use  of  security 
contexts  is  beneficial  because  of  their  reusability.  Once 
the  overhead  of  creating  a  context  has  been  spent,  there  is 
no  ■  further  performance  penalty  for  reusing  the  context  as 
needed.  An  application  that  repeatedly  performs  a  CSSM  API 
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function  can  improve  its  execution  performance  by  saving 
context  handles  for  future  function  calls. 

b)  General  Module  Management 

An  add-in  module  is  a  product  provided  by  a 

hardware  or  software  vendor  that  performs  security  services. 
In  order  for  an  application  to  use  the  functions  of  an  add¬ 
in  module,  the  add-in  module  must  be  selected  and  installed 
(attached) .  Information  pertaining  to  attached  components 
is  stored  in  a  registry.  The  module  management  functions  of 
the  CSSM  allow  an  application  to  query  the  features  and 
status  of  add-ins.  The  query  may  return  descriptive 
attributes  specific  to  the  particular  add-in.  The 

application  can  use  the  results  of  the  query  to  selectively 
determine  which  add-in  modules  to  dynamically  load  and  use. 
This  feature  could  be  useful  in  a  dynamic  operational 
environment  where  the  security  requirements  of  the 
application  are  subject  to  change.  Naturally,  the  module 
management  also  offers  functions  for  detaching  and 
uninstalling  modules  after  they  are  no  longer  required. 

c)  Integrity  Services 

Protection  of  CSSM  components  from  tampering  is 
provided  by  integrity  services.  Upon  creation,  the  CSSM 

itself  is  digitally  signed.  At  the  time  of  installation, 
the  CSSM  will  verify  its  signature.  This  assures  the  user 
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that  the  CSSM  is  authentic  and  has  not  been  modified  since 
it  was  distributed  from  the  manufacturer. 

Additionally,  the  integrity  of  add-in  modules  can 
be  checked  as  they  are  dynamically  loaded.  The  CSSM 
performs  an  authentication  procedure  as  part  of  the  add-in 
module  attachment  process.  If  the  authentication  fails,  the 
attachment  will  abort,  and  the  add-in  module  will  not  be 
available  to  the  application  program. 

CDSA's  notion  of  self -protecting  integrity  domains 
is  flawed,  without  an  underlying  domain  mechanism.  If  a 
malicious  element  is  able  to  control  the  portions  of  the 
system  upon  which  CDSA  depends,  it  can  completely  subvert 
CDSA  integrity.  Once  again,  we  see  that  CDSA  is  only  as 
trustworthy  as  the  underlying  computing  platform. 

d)  Memory  Management 

CSSM- created  objects  require  allocation  of  random 
access  memory  for  non-persistent  storage.  Therefore,  the 
CSSM  includes  functions  for  the  management  of  memory 
resources.  Application  developers  have  the  option  of 
allocating  memory  within  the  application  program,  or 
requesting  the  CSSM  to  allocate  it  from  the  CSSM's  own 
memory  heap.  This  memory  management  option  supports  the 
broadest  range  of  potential  architectures.  Applications  can 
use  the  CSSM  memory  management  functions  to  free  memory 
dedicated  to  objects  that  are  no  longer  needed. 
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3 .  Module  Managers 

The  matching  of  a  CSSM  Security  API  function  call  to 
the  appropriate  Service  Provider  Interface  (SPI)  function  is 
the  job  of  the  module  manager.  The  CSSM  has  organized 
security  services  into  four  basic  categories  and  has  defined 
a  module  manager  for  each  service  as  follows : 

■  Cryptographic  Services  Manager, 

■  Trust  Policy  Services  Manager, 

■  Certificate  Services  Manager,  and 

■  Data  Store  Services  Manager. 

Each  module  manager  administers  the  corresponding  add¬ 
in  module  installed  on  the  local  system.  Module  managers 
define  the  API  for  their  particular  module. 

C.  SECURITY  ADD-IN  MODULES 

Cryptographic  operations,  security  policy  decisions, 
and  certificate  manipulation  operations  are  performed  by 
security  add-in  modules.  Application  developers  may 
purchase  add-in  modules  from  hardware  and  software  vendors, 
thus  freeing  themselves  from  the  burden  of  developing 
security  specific  code.  Add-in  modules  are  divided  into 
four  functional  subsets: 

1.  Ciryptographic  Service  Provider  Module 

The  CSSM  does  not  perform  cryptographic  algorithms . 
Rather,  the  CSSM  provides  applications  programs  with  access 
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to  cryptographic  mechanisms  implemented  via  Cryptographic 
Service  Provider  (CSP)  modules.  For  this  reason,  the  CSSM 
is  known  as  crypto  with  a  hole,  where  the  hole  is  filled  by 

the  CSP  vendor's  product  [Ref.  12] . 

The  benefit  of  modular  CSPs  lies  in  their 
exchangeability.  Application  developers  can  pick  and  choose 
their  CSP  as  required.  CSPs  may  be  implemented  in  hardware 
or  software.  The  application  requesting  CSP  service  uses 
the  same  API  function  calls  in  either  case.  However,  we 
would  expect  that  a  hardware  implementation  would  be  more 
tamper  resistant  than  a  software  CSP. 

A  general  purpose  CSP  can  be  used  to  perform  the 
following  cryptographic  functions  and  services:  [Ref.  12] 

■  Bulk  Encryption  and  Decryption, 

■  Digital  Signing  and  Verification, 

■  Cryptographic  Hash, 

■  Key  generation, 

■  Random  Number  Generator,  and 

■  Encrypted  Storage  of  private  keys. 

Specific  instances  of  CSPs  may  include  more  or  less 
functionality  as  determined  by  the  individual  service 
provider . 
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2.  Trust  Policy  Module 

The  primary  purpose  of  the  trust  policy  module  is  to 
answer  the  question  “Is  this  certificate  trusted  for  this 

action?”  [Ref.  12]  Thus,  application  developers  can  place 

the  policy-specific  business  rules  of  their  application  into 
one  module.  Whenever  an  access  decision  needs  to  be  made, 
the  application  forwards  the  requester's  certificate,  and 
requested  action  to  the  trust  policy  module  for  review.  The 
trust  policy  module  will  respond  appropriately,  based  upon 
the  access  control  rules  programmed  into  the  module. 

3 .  Certificate  Library  Module 

The  certificate  library  module  performs  operations  on 
memory- resident  certificates  and  certificate  revocation 
lists  (CRLs) .  CDSA  defines  the  following  operations  that 
any  certificate  library  module  should  be  able  to  perform: 
[Ref.  12] 

■  Create  new  certificates  and  new  CRLs, 

■  Sign  existing  certificates  and  existing  CRLs, 

■  Verify  the  signature  of  existing  certificates  and 
CRLs, 

■  Extract  values,  such  as  a  ptiblic  key,  from 
certificates, 

■  Import  and  export  certificates  of  other  data 
formats , 
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■  Revoke  certificates, 

■  Reinstate  revoked  certificates,  and 

■  Search  certificate  revocation  lists. 

CDSA  does  not  mandate  any  particular  certificate 
foiroat.  Those  design  decisions  are  left  up  to  the  module 
developer.  Therefore,  as  new  standard  certificate  formats 
are  designed  and  accepted  by  industry,  updated  certificate 
modules  can  be  employed  without  have  to  redesign  the 
application  program. 

4 .  Data  Storage  Library  Module 

The  primary  purpose  of  the  data  storage  module  is  to 
provide  secure,  persistent  storage  for  certificates,  and 
certificate  revocation  lists  [Ref.  12]  .  A  data  storage 
library  module  performs  the  following  operations: 

■  Opening  and  closing  data  stores, 

■  Creating  and  deleting  data  stores, 

■  Importing  and  exporting  data  stores,  and 

■  Data  object  manipulations,  such  as  insertion, 
update,  deletion,  and  retrieval. 

Service  providers  may  design  and  implement  data  storage 
library  modules  from  scratch  or  they  may  take  advantage  of 
an  underlying  commercial  database  management  system  (DBMS) . 
Either  way,  the  application  developer  need  not  be  concerned 
with  the  details  of  storing  data  objects. 
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D.  SUMMARY 

Since  its  release  for  public  review,  Intel ' s  CDSA  has 
generated  support  from  the  computing  industry.  In  January, 
1998,  The  Open  Group  announced  that  it  had  adopted  Intel's 
Common  Data  Security  Architecture  (CDSA  2.0)  specification 
as  an  industry- accepted  specification  for  the  development  of 
secure  applications  that  are  interoperable,  extensible,  and 
offer  cross  platform  support  [Ref.  17].  MSHN  can  benefit 
from  the  seirvices  provided  by  CDSA.  Chapter  VI  describes  a 
security- enhanced  MSHN  architecture,,  along  with  a  prototype 
demonstration  that  uses  CDSA  security  mechanisms. 
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VI.  SECURITY  ENHANCED  MSHN  ARCHITECTURE 


Given  the  initial  MHSN  architecture  described  in 
Chapter  III  and  the  requirements  for  security  as  discussed 
in  Chapter  IV,  we  now  describe  an  enhanced  MSHN 
architecture  and  prototype  demonstration,  designed  •  to 
satisfy  a  limited  security  policy. 

A.  ASSUMPTIONS 

1.  Application  Level  Security 

MSHN  is  designed  to  execute  in  a  heterogeneous 
computing  platform  environment.  Machines  within  the  VHM  may 
have  differing  operating  systems,  central  processing  units, 
and  communications  protocols.  MSHN  acts  as  middleware:  it 
will  not  require  any  OS  modifications,  nor  will  it  rely  upon 
any  of  the  unique  security  features  of  any  particular  OS  or 
CPU. 

MSHN  executes  in  user  mode.  Each  of  MSHN's  components 
runs  with  the  privileges  of  the  user  who  invoked  it .  It  is 
intended  that  MSHN  not  have  arbitrary  control  over  the  host 
executing  it.  This  implies  that  MSHN  should  not  have 
supervisory,  i.e.,  “root”,  privilege  within  a  system. 

Therefore,  MSHN  can  provide  confidence  of  correct  security 
policy  enforcement  only  to  the  extent  that  any  application 
can.  The  dependency  of  MSHN  upon  the  operating  system 
underlying  it  determines  the  assurance  environment.  User- 
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level  middleware  will  only  be  as  secure  as  the  operating 
system  and  hardware  it  relies  upon.  No  matter  how  well  any 
user-level  middleware  is  able  to  deny  an  attack,  it  will 
still  be  susceptible  to  penetration  if  the  underlying  OS  is 
weak.  The  dependency  upon  underlying  mechanisms  is  also 
true  of  other  resource  management  systems,  such  as  Globus 
[Ref.  18],  and  Legion  [Ref.  19]  which  exist  above  the 
operating  system.  They  are  vulnerable  to  attacks  via 
underlying  layers. 

2.  User  Identification  and  Authentication 

Each  user  will  have  an  individual  account  on  every 
machine  they  are  authorized  to  use  throughout  the  VHM. 
Therefore,  the  assumption  is  that  the  I  &  A  facilities 
(i.e.,  login  and  password)  of  the  user's  client  machine 
along  with  those  of  the  compute  resources  will  be  used  to 
verify  the  identity  and  authenticity  of  the  user.  (Details 
of  the  overall  MSHN  architecture  are  still  under  development 
and  the  use  of  remote  login  facilities  may  be  considered) . 
For  each  user,  MSHN  will  maintain  a  list  of  the  machines 
where  that  user  has  an  account .  The  Scheduling  Server  will 
consult  this  list  as  part  of  its  algorithm  for  determining 
which  machine  to  run  a  job  on. 

3.  Public  Key  Infrastructure 

In  this  thesis,  we  suggest  that  MSHN  rely  on  public  key 
technology  for  the  implementation  of  security  mechanisms. 
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Our  enhanced  architecture  assumes  the  existence  and 
availability  of  standard  directory  services  such  as 
Lightweight  Directory  Access  Protocol  (LDAP)  or  X.500. 
Additionally,  we  assume  that  some  form  of  standard 
certificate,  such  as  X.509  will  be  available. 

This  approach  to  key  management  is  in  contrast  with 
that  taken  by  the  National  Computational  Science  Alliance, 
of  which  Globus  is  a  member  [Ref.  1]  .  Their  approach  uses 
Pretty  Good  Privacy  (PGP)  public  key  encryption  software  for 
securing  messages.  PGP  relies  upon  introductions  for 

establishing  trust  relationships.  These  relationships  are 
fundamentally  ad  hoc,  whereas  X.500  is  authority  based,  and 
therefore  moire  appropriate  for  the  Department  of  Defense 
[Ref.  20]  . 

The  Legion  resource  management  system  eschews  any 
notion  of  hierarchical  trust.  For  this  system,  it  is 
proposed  to  tie  key  management  and  authentication  directly 
to  each  object  with  the  support  of  an  authorizing  component 
in  the  architecture  [Ref.  19]  .  Thus,  each  object  proclaims 
itself,  and  other  entities  in  the  system  must  interpret  that 
proclamation.  See  [Ref.  21]  for  further  discussion  of 
related  work. 

It  is  assumed  that  the  MSHN  Core  components  (Scheduler, 
RSS,  RRD)  each  have  a  public/private  key  pair  available.  To 
simplify  the  architecture,  the  Scheduler,  RSS,  and  RRD  will 
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share  a  common  MSHN  core  certificate.  Hence,  the  MSHN  core 
components  will  also  share  a  common  public/private  key  pair. 
Additionally,  each  user  can  obtain  a  certificate  that 
provides  a  binding  between  the  user's  identity  and  his/her 
public  key. 

4 .  Compute  Resources 

MSHN  will  maintain  a  database  of  registered  compute 
resources  (including  network  and  file  and  database  servers) . 
MSHN  core  components  will  be  responsible  for  adding, 
deleting  and  updating  this  database.  All  of  the  code  and 
data  required  to  run  the  job  will  either  be  packaged  by  the 
client  library  and  transported  to  the  compute  resource  for 
execution,  or  the  MSHN  execution  shell  at  the  compute 
resource  will  fetch  the  code  and  data  from  the  appropriate 
locations.  Since  our  revised  architecture  will  rely  upon 
the  Public  Key  Infrastructure,  there  must  exist  facilities 
for  the  storage  of  private  keys  at  each  compute  resource. 
The  prototype  demonstration  will  use  the  key  storage 
facilities  provided  by  the  CDSA  crypto -service  module  to 
satisfy  this  requirement. 

5 .  Client  Library 

It  is  assumed  that  the  client  library  is  benign,  that 
is,  free  from  malicious  code. 
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6. 


User  Intent 


It  is  assumed  that  since  the  users  do  not  have  to  use 
MSHN  to  run  their  jobs  (they  already  have  permission  to 
execute  jobs  on  machines  in  the  VHM)  ,  they  will  not 
intentionally  mislead  MSHN  with  bogus  run-time  parameters. 

B.  MSHN  SECURITY  POLICY 

Based  upon  the  assumptions  above  and  their  implied 
restrictions,  we  now  describe  the  security  policy  for  our 
proposed  enhanced  MSHN  architecture . 

■  MSHN  will  use  cryptographic  techniques  to  create 
separate  domains  between  the  MSHN  core  components 
and  the  user's  application, 

■  MSHN  will  protect  its  databases  (RSS/RRD)  from 
malicious  updates  attempted  by  non-MSHN  jobs, 

■  MSHN  will  authenticate  messages  communicated  between 
its  core  components  such  as  Query /Response  messages 
between  the  Scheduling  Server  and  the  RSS/RRD, 

■  MSHN  will  provide  guaranteed  integrity  of 
communications,  if  required  by  the  user, 

■  MSHN  will  provide  confidentiality  protection  of 
communications  (encryption)  if  required  by  the  user, 
and 

■  MSHN  will  provide  an  audit  trail. 
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C .  DOMAIN  FRAMEWORK 

The  notion  of  a  program  integrity  policy  was  proposed 
by  L.  Shirley  and  R.  Schell  [Ref.  22]  .  Program  integrity 
means  that  modification  to  executable  programs  by 
untrustworthy  subjects  is  prohibited.  In  essence,  it  is  a 
policy  to  ensure  that  more  sensitive  programs  remain 
tamperproof.  Shirley  and  Schell  recommend  solving  the 
program  integrity  problem  by  assigning  programs  to  an 
ordered  set  of  access  classes.  The  access  classes  map  to 
separate  domains,  and  an  underlying  kernel  mechanism 
enforces  the  integrity  policy. 

The  basis  for  protection  in  the  enhanced  MSHN 
architecture  is  the  separation  of  components  into  domains 
via  cryptographic  techniques.  Figure  9  displays  the  MSHN 
domain  framework.  The  domains  are  ordered  in  terms  of 
privilege.  From  MSHN's  point  of  view,  user  applications 
are  the  least  privileged  and  are  granted  the  least  trust, 
while  MSHN  core  components  are  more  privileged  and  are 
granted  a  higher  level  of  trust. 

Additionally,  users  are  separated  from  one  another  by 
relying  upon  authentication  and  a  unique  session  key  for 
each  job  submitted  to  MSHN.  The  use  of  a  per  job  session 
key  also  allows  the  MSHN  core  components  to  guarantee  the 
authenticity  of  status  messages  sent  by  executing  user  jobs 
and  to  reject  bogus  database  updates. 
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By  creating  domains,  the  damage  incurred  by  a  security 
incident,  such  as  the  compromise  of  a  key,  is  limited  to  the 
components  of  that  domain. 

The  intent  of  the  enhanced  security  architecture  is  to 
develop  a  framework  that  can  take  advantage  of  program 
integrity  mechanisms,  such  as  those  described  by  Shirley  and 
Schell,  that  would  be  available  in  a  high  assurance 
platform. 

Application 

•lowest  integrity 


MSHN  Client  Services 


Figure  9  MSHN  Domain  Framework 

The  computers  that  MSHN  will  execute  upon  do  not 
necessarily  have  the  ability  to  run  applications  in  separate 
domains.  Through  the  use  of  cryptography,  this  domain 
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framework  will  allow  all  MSHN  resources  to  maintain  separate 
lightweight  security  domains. 

D.  MSHN  SECURITY  MECHANISMS 

The  enhanced  MSHN  architecture  will  provide  the 
following  security  mechanisms : 

■  Administrative  Control, 

■  Authenticated  RSS/RRD  updates, 

■  Authenticated  Query/Response  and  Call  Back  Signals, 

■  Audit  Trail,  and 

■  Protected  Communications  (Encryption) . 

Authentication  of  messages  between  MSHN  components 

using  public  key  technology  is  relatively  straight  forward. 
Assume  each  component  has  a  private  key  maintained  in  a 
secure  manner.  Also  assume  that  each  component  has  a 
corresponding  public  key  which  is  published  in  a  known 
directory  service.  Then,  each  component  could  be  assured  of 
authentic  messages  using  the  protocol  described  in  Figure 
10. 
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1.  Client  Library  generates  an  Update  message,  and  passes  it  to  the  CL  Security  Module. 

2.  Security  Module  digitally  signs  the  Update  message  using  its  private  key. 

3.  Security  Module  transmits  signed  Update  message  to  RRD. 

4.  Security  Module  optionally  creates  an  audit  record  and  sends  it  to  the  audit  server. 

5.  RRD  receives  the  signed  Update  message  and  calls  its  Security  Module  to  verify  the 
signature  using  the  Client  Library’s  public  key. 

6.  If  the  signature  verification  is  successful,  the  RRD  is  assured  that  the  Update  message 
could  only  have  come  from  an  authentic  MSHN  Client  Library. 

Figure  10  PKI  Authentication  Protocol 

We  note  that  this  protocol  does  not  ensure  the 

confidentiality  of  the  Update  message.  If  the 

communications  path  between  the  components  is  subject  to 
eavesdropping,  then  the  unauthorized  disclosure  of  the 
Update  message  is  possible.  If  confidentiality  were 
required,  then  the  Update  message  would  require  an 
additional  step  before  transmission.  First,  the  Update 
would  be  digitally  signed  with  the  originator's  private  key 
(guaranteeing  authenticity) .  Second,  the  signed  Update 
message  would  be  encrypted,  using  the  receiver's  public  key 
(guaranteeing  privacy) .  This  same  protocol  could  be  used  in 
a  similar  manner  for  the  authentication  and  confidentiality 
of  messages  between  any  of  the  components  of  MSHN. 
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An  alternative,  and  more  efficient  method  for  the 
authentication  of  messages  between  MSHN  components  would  be 
to  use  public  key  techniques  to  distribute  a  symmetric 
communications  session  key  to  all  the  components.  Once  the 
initial  overhead  of  distributing  the  symmetric  key  has  taken 
place,  then  encryption  of  messages  could  be  performed  using 
the  much  faster  symmetric  algorithms.  This  method  would 
protect  the  authenticity  of  the  message  and  guarantee 
privacy.  Figure  11  describes  the  hybrid  public  key 
distribution,  symmetric  bulk  encryption  method. 


1 .  MSHN  Scheduler  Security  Module  generates  a  symmetric  session  key  along  with 
a  message  digest  of  the  same  key.  The  digest  is  encrypted  with  die  MSHN  Core 
private  key.  The  key  and  digest  are  bundled  and  encrypted  with  the  MSHN  Core 
public  key,  and  transported  to  the  other  MSHN  Core  components. 

2.  Security  Module  at  RSS  and  RRD  decrypt  the  bundle  using  their  MSHN  Core 
private  key.  Privacy  of  the  bundle  is  guaranteed  because  only  the  holder  of  the 
MSHN  Core  private  key  could  decrypt  it. 

3.  Security  Module  at  RSS  and  RDD  decrypt  the  message  digest  of  the  session  key 
using  their  MSHN  Core  public  key.  Authenticity  of  the  digest  originator  is 
guaranteed  because  only  the  holder  of  the  MSHN  Core  private  key  could  have 
encrypted  the  digest. 

4.  Security  Module  at  RSS  and  RDD  generate  a  message  digest  of  the  session  key 

and  compare  it  with  the  digest  included  in  the  bundle.  If  the  digests  match,  the 
integrity  of  the  session  key  is  guaranteed. _ _ 

Figure  11  MSHN  Core  Component  Session  Key  Distribution 
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The  communications  protocols  described  earlier  have  not 
been  formally  evaluated.  The  actual  implementation  of  the 
key  exchange  and  message  authentication  procedures  may 
require  the  use  of  a  timestamp  and/or  nonce  (one  time  use 
number  or  identifier)  [Ref.  13]  to  prevent  replay  attacks. 

E .  REVISED  ARCHITECTURE 

The  implementation  of  the  MSHN  security  mechanisms  will 
require  that  several  components  be  added  to  the  architecture 
described  in  Chapter  III.  A  high  level  view  of  the  revised 
architecture  is  shown  in  Figure  12 . 


Figure  12  MSHN  Revised  Architecture 
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1 .  Security  Modules 

Each  of  the  original  components:  Scheduling  Server, 
Resource  Status  Server,  and  Resource  Requirements  Database 
will  be  augmented  by  a  Security  Module.  The  purpose  of  the 
Security  Module  is  to  perform  the  following  cryptographic 
operations : 

■  Generate  symmetric  keys  and  asymmetric  key  pairs, 

■  Calculate  Message  Hash  (Digest) , 

■  Encrypt /Decrypt  (both  symmetric  and  asymmetric 

algorithms) , 

■  Verify  Signatures,  and 

■  Sign  Messages . 

The  Security  Module  at  the  Scheduling  Server  has  the 
additional  responsibility  of  creating  and  maintaining  a  MSHN 
Job  Request  Database . 

2 .  Key  Storage  Service 

A  secure  key  storage  facility  will  reside  and  execute 
at  each  compute  resource  within  the  VHM.  Each  compute 
resource  must  have  a  unique  PPK  pair.  The  private  key  of 
that  pair  will  be  stored  and  protected  by  the  key  storage 
service.  The  private  key  will  be  used  to  guarantee  that  the 
job  sent  to  the  compute  resource  is  only  readable  by  the 
bona  fide  resource. 
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3. 


Audit  Server 


The  audit  server  will  be  the  repository  for  the  audit 
log.  As  transactions  are  processed  throughout  the  MSHN 
components,  applicable  audit  entries  will  be  forwarded  to 
the  audit  server  for  inclusion  into  the  log.  The  audit 
server  will  provide  an  interface  through  which  the  MSHN 
administrator  can  review  previous  MSHN  activity,  and  modify 
the  list  of  events  to  be  audited. 

F.  MSHN  EXECUTION  SCENARIO 

The  best  way  to  describe  the  function  of  each  of  the 
MSHN  components  is  to  walk  through  a  sample  job  execution 
flow  from  initiation  by  the  user  to  return  of  the  output 
from  the  compute  resource.  The  following  notation  will  be 
used  to  describe  the  cryptographic  procedures : 

■  Ekey[]  :  Encrypt  contents  of  []  using  key 

■  Dkey[]  :  Decrypt  contents  of  []  using  key 

■  SkeyO :  Create  a  Digital  Signature  of  ()  using  key 

■  Kg:  Symmetric  MSHN  core  session  key 

■  Kj :  Symmetric  MSHN  job  session  key 

■  Upri:  User's  private  key 

■  Upui,:  User's  public  key 
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■  User's  certificate 

■  Corepri:  MSHN  core  private  key 

■  Corepui,:  MSHN  core  public  key 

■  Core^ert:  MSHN  core  certificate 

■  Rpri:  Compute  resource  private  key 

■  Rpuj,:  Compute  resource  public  key 

■  Dig:  Message  Digest 

The  following  discussion  describes  a  typical  job 
execution  scenario,  assuming  that  the  user  choose  both  the 
integrity  and  confidentiality  security  option. 

1.  Initialization 


Prior  to  the  execution  of  any  jobs,  a  MSHN 
initialization  procedure  takes  place.  During  this 
procedure,  the  MSHN  core  components,  i.e..  Scheduler,  RSS, 
and  RRD,  will  synchronize  on  a  unique  symmetric  session  key. 
The  symmetric  key  will  be  used  for  bulk  encryption  due  to 
its  significant  performance  advantages.  The  initialization 
procedure  is  invoked  by  the  Security  Module  on  the  Scheduler 
(or  other  designated  MSHN  core  master  server)  at  the  request 
of  the  MSHN  Administrator.  The  MSHN  Administrator  will 
start  the  Scheduler  and  supply  it  with  a  parameter 


specifying  the  required  MSHN  Core  communications  security 
option.  The  MSHN  Core  communications  security  option  ranges 
from  no  security  checks,  to  integrity  check. 
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confidentiality,  to  a  combination  of  integrity  and 
conf i dent i al i ty . 

The  Security  Module  on  the  Scheduler  will  generate  a 
unique,  symmetric  MSHN  session  key  (Kg) .  The  security 
module  will  generate  a  message  digest  (Dig)  of  the  MSHN 
session  key  and  encrypt  the  message  digest  with  the  MSHN 
core  private  key.  Then  it  will  bundle  the  MSHN  Session  key 

with  the  encrypted  digest  and  encrypt  the  bundle  with  the 

MSHN  core  public  key. 

Bundle  =  Ecorep^  [Kg,  Ecorep^i  (Dig  (Kg)  )  ] 

The  bundle  will  then  be  transmitted  to  the  other  core 
components . 

The  Security  Module  on  the  RSS  and  RRD  will  receive  the 
bundle  from  the  Scheduler  and  decrypt  it  using  the  MSHN  core 
private  key.  The  message  digest  will  be  decrypted  using  the 
MSHN  core  public  key.  Next  the  MSHN  session  key  will  be 
verified  by  generating  a  message  digest  of  the  key  and 

comparing  it  to  the  digest  that  was  included  in  the  bundle. 

If  the  verification  test  passes  then  we  have  established  the 
secure  transmission  of  a  session  key  at  each  of  the  MSHN 
core  components  and  MSHN  is  prepared  to  accept  user  jobs. 

2 .  MSHN  Job  Request 

The  user  at  the  client  machine  starts  the  MSHN  shell. 
The  user  will  specify  the  required  communications  security 
option.  All  the  job  information,  parameters  and  the  user's 
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certificate  are  bundled  and,  if  requested,  signed  with  the 
user's  private  key,  and  encrypted  with  the  MSHN  Core  public 
key. 

Bundle  =  Ecorep^[SUp,i(U,,,t/  Job  Info)] 

The  bundle  is  then  transmitted  to  the  Scheduling 
Server . 

3 .  Scheduling 

The  Security  Module  at  the  Scheduling  Server  will 
receive  the  user's  job  request  bundle  and  decrypt  the  bundle 
using  the  MSHN  Core  private  key.  The  Security  Module  will 
•yg^rify  the  user's  certificate  based  upon  the  certificate 
validation  level  and  verify  the  signature  on  the  inputs 
using  the  user's  public  key  from  the  enclosed  certificate. 
If  the  verification  test  passes,  the  Security  Module  will 
generate  a  unique  request  identifier,  followed  by  the 
creation  of  an  entry  in  the  Job  Request  Database  containing 
the  user's  identification,  security  option  required,  and 
request  identifier. 

The  Scheduler  will  now  gather  the  information  it  needs 
to  calculate  a  scheduling  solution.  It  will  query  the  RRD 
and  RSS.  These  queries  and  responses  will  be  encrypted  and 
or  authenticated  as  required  by  the  MSHN  core  communications 
security  option  parameter.  These  communications  will  be 
encrypted  and/or  signed  with  the  MSHN  session  key  (Kg)  that 
was  distributed  at  initialization  time. 
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The  Scheduler  will  calculate  a  solution  based  upon  the 
data  returned  from  the  RSS,  RRD,  and  the  resources 
accessible  to  the  user.  The  Security  Module  on  the 
Scheduler  will  generate  a  unique  job  session  key  (K^) .  The 
job  session  key  will  be  added  to  the  job  request  database, 
and  the  job  request  will  be  distributed  to  the  RSS  and  RRD 
security  modules. 

The  Scheduler  security  module  will  create  a  security 
token,  which  contains  the  job  session  key  encrypted  by  the 
compute  resource's  public  key.  The  job  session  key  will  be 
encrypted  with  the  user's  public  key.  All  items  will  be 
signed  using  the  MSHN  core  private  key,  and  all  these  items, 
along  with  the  Scheduler's  certificate,  will  be  encrypted  by 
the  user's  public  key  and  bundled  as  follows: 

Bundle  =  EUp^[Scorepri(Job  info,  Eup^[Kj], 
token  (ERp^  [K^]  )  ,  Core^^^^)  ] 

This  bundle  will  be  transmitted  to  the  MSHN  shell  on 
the  client  machine. 

4 .  Application  Execution 

After  receiving  the  job  information  from  the  Scheduler, 
the  MSHN  shell  will  decrypt  the  bundle  using  the  user's 
private  key  and  verify  the  signature  of  the  job  data  using 
the  Scheduler's  public  key.  It  will  decrypt  the  job  session 
key  using  the  user's  private  key.  The  client  now  knows 
which  compute  resource  to  use.  The  client  bundles  the 
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user's  certificate,  job  info,  and  security  token.  The 
bundle  is  signed  and  encrypted. 

Bundle  =  ERp^[SUpri(U^ert»  token,  job  info)] 

The  bundle  is  then  transmitted  to  the  appropriate 
compute  resource . 

The  compute  resource  accepts  the  bundle  from  the  client 
and  decrypts  it  and  verifies  the  signature.  The  compute 
resource  decrypts  the  job  session  key  that  was  extracted 
from  the  security  token  of  the  bundle.  The  compute  resource 
executes  the  job  application  on  behalf  of  the  user  and 
collects  the  output.  The  application  output  is  signed  and 
encrypted  before  being  transmitted  back  to  the  client . 

Once  the  application  has  completed,  and  possibly  during 
execution  of  the  application,  the  compute  resource  will 
forward  job  statistics  to  the  resource  requirements  database 
and  the  resource  status  server.  These  status  messages  are 
encrypted  and  signed  with  the  job  session  key  before 
transmission  to  the  respective  database  server. 

The  RSS  and  RRD  accept  incoming  job  statistic  messages. 
The  security  module  at  each  server  will  retrieve  the 
appropriate  job  session  key  from  the  job  request  database, 
as  specified  by  the  request  identifier.  The  messages  are 
decrypted  and  verified  using  the  job  session  key  before  they 
are  entered  into  the  database. 
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The  client  accepts  the  application  output  from  the 
compute  resource  and  decrypts/verifies  the  output  before 
presenting  it  to  the  user.  At  this  point,  the  client  has 
finished,  and  will  wait  for  the  user  to  submit  another  job 
or  terminate  the  program. 

G.  PROTOTYPE  IMPLEMENTATION  ARCHITECTURE 

A  complete  implementation  of  the  MSHN  architecture  is 
beyond  the  scope  of  any  one  thesis.  However,  we  have 
developed  a  prototype  security  implementation  to  demonstrate 
how  a  MSHN  server  might  communicate  securely  with  a  MSHN 
client  using  CDSA. 

1.  MSHN  Security  Layer 

The  foundation  of  the  prototype  implementation  is 
encapsulated  in  a  single  C++  class  definition.  This  class 
is  called  the  MSHN  Security  Layer  (MSHN_SL) .  The  purpose  of 
the  MSHN_SL  is  to  provide  an  interface  through  which  MSHN 
can  access  the  underlying  security  mechanisms  provided  via 
CDSA.  C++  was  chosen  as  the  prototype  language  because 
Intel's  reference  CDSA  implementation  is  written  to  support 
C++.  We  choose  to  execute  our  prototype  in  a  Windows  NT  PC 
environment  because  this  was  the  operating  system  upon  which 
Intel's  CDSA  was  implemented. 

We  created  this  layer  as  an  interface  between  MSHN  and 
CDSA  so  that,  in  the  event  that  a  competitive  security  API 
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is  chosen  to  implement  MSHN  security,  rather  than  CDSA,  MSHN 
will  still  function  with  minimal  reprogramming^ , 

2.  MSHN  SECURITY  SERVICES 

The  MSHN  Security  Layer  defines  the  methods  that  are 
invoked  to  support  the  MSHN  security  policy.  These  security 
services  are  defined  below,  and  a  complete  listing  of  the 
source  code  is  included  in  Appendix  A. 

a)  mshn_sl_iiiit: 

This  method  performs  initialization  tasks  as 
required  by  the  underlying  security  API. 

b  )  mshn_sl_crea  te_cert : 

This  method  will  create  a  certificate  to  include 
the  public -private  key  pair  associated  with  it.  The 
certificate  created  will  contain  the  public  key,  while  the 
private  key  is  placed  into  a  secure  key  storage  facility. 

c )  mshn_sl_ge t_cert : 

This  method  will  search  the  certificate  database 
for  a  certificate  whose  subject  name  matches  the  input 
parameter  and  if  found,  returns  the  requested  certificate. 


2  Common  Object  Request  Broker  Architecture  (CORBA)  [Ref. 
23]  and  its  security  services  [Ref.  24]  have  been  under 
consideration  since  December,  1997. 
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d)  msbn_sl_cert_verify: 

This  method  will  check  the  signature  on  a  given 
certificate  and  return  a  Boolean  value  based  upon  the 
signature  verification. 

e)  msbn_sl_cert_revoked: 

This  method  will  check  a  given  certificate  against 
a  certificate  revocation  list  and  return  a  Boolean  value 
depending  on  the  revocation  status. 

f)  msbn_sl_get_public_key: 

This  method  will  return  a  public  key  obtained  from 
a  given  certificate . 

g)  msbn_sl_get_private_key: 

This  method  will  return  a  reference  to  a  private 
key  given  the  associated  public  key. 

h)  mshn_sl_put_audit: 

This  method  will  post  a  transaction  to  the  MSHN 
audit  server . 

i  )  msbn_sl_encrypt : 

This  method  will  accept  a  data  buffer  and  key,  and 
return  an  encrypted  copy  of  the  input  data. 
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j )  mshn_sl_decrypt : 

This  method  will  accept  a  data  buffer  and  key,  and 
return  a  decrypted  copy  of  the  input  data. 

k  }  mshn_sl_sym_key_gen  z 

This  method  generates  a  symmetric  key. 

l)  mshn_sl_asym_key_gen: 

This  method  generates  an  asymmetric 
(public/private)  key  pair. 

m)  mshxi_sl_digest: 

This  method  creates  a  message  digest  for  a  given 
input  buffer  of  data. 

n )  msbn_sl_sign : 

This  method  creates  a  digital  signature  for  a 
given  buffer  of  data. 

o)  msbn_sl_sig_verify 

This  method  accepts  a  signature  and  data  buffer. 
It  returns  a  Boolean  value  depending  on  the  verification  of 
the  signature  against  the  input  data. 

H.  PROTOTYPE  DEMONSTRATION 

Once  the  MSHN_SL  class  was  designed  and  tested,  the 
next  step  was  to  develop  sample  programs  to  simulate  the 
MSHN  Client,  MSHN  Servers:  Scheduler,  Resource  Status 
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Server,  Resource  Requirements  Database,  and  the  Compute 
Resource.  We  created  five  programs  to  test  our  prototype. 
The  programs  executed  on  three  separate  personal  computers 
connected  on  a  local  area  network  (LAN) .  One  PC  served  as 
the  client.  Another  PC  served  as  the  compute  resource,  and 
one  PC  served  as  the  MSHN  scheduler,  MSHN  RSS  and  MSHN  RRD, 
each  of  which  executes  as  a  separate  process.  These 
programs  are  described  below  and  a  complete  listing  of  the 
source  code  is  included  in  Appendix  B. 

1 .  Client 

This  program  simulated  the  user  interface  to  MSHN.  The 
client  accepts  requests  for  MSHN  jobs  from  the  user  and 
initiates  the  MSHN  Scheduler.  After  receiving  scheduling 
advice,  the  Client  submits  the  job  to  the  Compute  Resource. 
Once  execution  of  the  job  is  complete,  the  Client  receives 
the  output  from  the  Compute  Resource,  and  after  verification 
and/or  decryption,  returns  it  to  the  user. 

2 .  Resource 

Resource  substitutes  for  the  actions  taken  by  the 
Compute  Resource.  Upon  start-up.  Resource  goes  into  a  wait 
state.  It  monitors  the  LAN  until  it  receives  a  MSHN  job  to 
execute.  Upon  receipt,  it  will  decrypt  and/or  verify  the 
job  request  bundle  and  execute  the  job.  The  job  output  is 
transmitted  to  the  Client,  and  job  statistics  are  forwarded 
to  the  MSHN  servers  (RSS/RRD) . 
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3.  MSHN  Core:  Scheduler,  RSS  &  RRD 

These  programs  substitute  for  the  actions  taken  by  the 
MSHN  Scheduler,  the  Resource  Status  Server,  and  the  Resource 
Requirements  Database.  Each  program  begins  execution  in  a 
wait  status.  Once  the  scheduler  receives  a  job  request  from 
the  Client,  it  performs  the  required  security  tests,  pauses 
as  a  substitute  for  calculating  a  scheduling  solution  and 
returns  the  scheduling  advice  to  the  Client  along  with  the 
required  security  token.  The  RSS  and  RRD  programs  wait  for 
receipt  of  job  statistics  from  the  compute  resource  and 
after  decryption/verification  of  these  messages,  store  them 
in  their  respective  databases. 

I .  SUMMARY 

The  MSHN  security  services  prototype  demonstrates  that 
the  MSHN_SL  is  a  viable  concept.  It  also  verifies  that  CDSA 
is  a  workable  solution  for  providing  the  necessary 
cryptographic  mechanisms . 
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VII.  RECOMMENDATIONS  AND  CONCLUSIONS 


Clearly,  if  MSHN  is  to  be  successful,  it  must  provide  a 
level  of  trust  and  assurance  consistent  with  the  value  of 
the  information  it  is  processing.  This  thesis  demonstrates 
a  security  architecture  for  MSHN  that  is  practical, 
flexible,  and  can  be  used  to  achieve  the  aforementioned 
goal. 

A.  RECOMMENDATIONS 

The  completion  of  the  MSHN  security  services 
demonstration  program  is  merely  the  starting  point  upon 
which  further  research  can  be  conducted.  Using  this  working 
model,  we  can  now  begin  to  perform  statistical  analysis  on 
the  overhead  cost  of  security,  in  terms  of  computational 
speed . 

The  demonstration  program  is  written  specifically  for 
personal  computers  running  Windows  NT.  We  recommend 
adapting  the  MSHN  security  layer  to  other  platforms,  such  as 
UNIX.  Also,  the  current  demonstration  program  is  written 
specifically  for  Intel's  CDSA  implementation.  We  recommend 
researching  competitive  vendor  cryptographic  products  for 
comparison  versus  the  Intel  baseline. 

Audit  service  is  an  essential  component  of  the  MSHN 
security- enhanced  architecture.  The  current  demonstration 
program  does  not  implement  this  critical  service.  We 
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recommend  further  research  on  the  design  and  implementation 
of  an  audit  server  for  MSHN. 

The  inclusion  of  local  proxy  servers  in  the  MSHN 
architecture  may  affect  the  security  framework  defined  in 
this  thesis.  Their  use  was  not  considered  during  the 
security  architecture  design.  Further  research  is  required 
to  determine  the  security  implications  of  local  proxies. 

B.  SUMMARY  AND  CONCLUSIONS 

When  MSHN  is  fully  implemented,  its  ability  to  maximize 
the  computational  power  of  a  complex,  heterogeneous,  network 
of  resources  will  be  a  valuable  tool.  There  appears  to  be 
no  limit  to  users'  appetite  for  automated  decision  support. 
Military  and  civilian  decision  makers  alike  demand  and 
deserve  the  best  information  available,  in  a  timely  manner. 

MSHN  will  be  well  suited  to  support  command  and  control 
information  systems.  However,  it  is  usable  only  to  the 
extent  that  users  have  confidence  that  the  security  of  their 
sensitive  data  will  be  preserved.  MSHN  must  provide 
security  mechanisms  that  are  transparent  and  that  take 
advantage  of  assurance  in  the  underlying  components  of  the 
VHM.  We  have  concluded  that  the  security  services  provided 
by  the  MSHN  security  layer  can  help  achieve  this  objective. 
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APPENDIX  A.  MSHN  SECURITY  LAYER  SOURCE  CODE 


A.  MSHN_SL.H  HEADER  FILE 

/ ^ ******  *********************************************** 
/ ^ ****************************************  ************* 
II  File;  mshn_sl.h 

//  Name:  David  Shifflett  &  Roger  Wright 

// 

//  Project:  MSHN 

// 

//  Operating  Environment:  Windows  95 /Windows  NT 
//  Con^iler:  Borland  C++  for  Windows 
//  Date:  18  MAY  98 
// 

//  Description:  Security  services  for  MSHN  components 
yy***************************************************** 

#ifndef  _MSHN_SL_H 
#define  _MSHN_SL_H 

#include  "mshn_types . h" 

//  MSHN  Security  layer  class 

//  Maximum  number  of  open  data  stores 


#define  NUM_DS_HANDLES  6 

//  MSHN  Cryptographic  identifiers 
#define  MSHN_NUM_ALG_IDS  4 

#define  MSHN_ALG_DES  1 

#define  MSHN_ALG_MD5  2 

#define  MSHN__ALG_SHA  3 

#define  MSHN  ALG  DSA  4 


//  Cryptographic  algorithm  structure 
typedef  struct  alg_params  { 
int  mshn_id; 
int  alg_id; 
int  alg_mode ; 
int  alg_padding; 

}  alg_j)arams  ; 

class  mshn__sl  { 

//  Class  data 
protected: 

//  Attached  module  handles 

unsigned  int  CL_handle;  //  Cert  Library  module  handle 
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unsigned  int  CSP__handle; 

lonsigned  int  DL_handle; 

uns  igned  int  TP__handle  ; 

//  context  handles 
int  s ig_cont ext ; 

int  sym___context  ; 

int  asym_context ; 

int  dig_context ; 

int  ran_context ; 

int  key_gen__context  ; 

//  open  data  store  handles 
unsigned  int 
char 


//  Crypto  Ser*vices  module  handle 
//  Data  Store  module  handle 
//  Trust  Policy  module  handle 


//  signature  context 
//  symmetric  enc/decrypt  context 
//  asymmetric  enc/decrypt  context 
//  message  digest  context 
//  random  encrypt /decrypt  context 
//  key  generation  context 


ds_handles  [NUM^DS^HANDLES]  ; 
*ds  names  [NUM  DS^HANDLES]  ; 


int  initialized;  //  Has  CSSM  been  initialized? 


//  array  of  crypto  algorithm  structures 
alg_j)arams  *alg_param_array; 


piiblic : 

mshn_sl  ( )  ; 
virtual  ~mshn_sl  ()  ; 

//  The  Security  Layer  databases  will  be  filled  in  based  on 
//  the  values  in  the  configuration  file.  The  underlying 
//  security  services  will  be  "attached”  based  on  the 
//  configuration  values.  Any  necessary  security  "contexts" 
//  will  be  created  by  this  function. 


int  mshn  si  init  (const  char  *config_file_name) ; 


//  This  function  will  create 
//  parameters, 
int  mshn__sl_create_cert  ( 
const  char 
const  char 
const  char 
const  char 
int 

const  mshn_data 
mshn  data 


a  certificate  with  the  provided 


*issuemame, 

*subjectname, 

*valid__from, 

* validate, 
key_alg, 
*public_key, 
*new  cert) ; 


//  This  function  will  find  and  return 
//  the  specified  subject. 

int  mshn_sl_get_cert  ( 

const  char 
mshn  data 


the  certificate  for 


*subjectname, 
*the  cert) ; 
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//  This  function  will  determine  if  the  specified  certificate 
//  is  valid, 

int  mshn_sl_cert_verify  ( 

const  mshn_data  *the__cert, 

int  *cert_valid) ; 

//  This  function  will  determine  if  the  specified  certificate 
//  has  been  revoked. 

int  mshn_sl_cert_r evoked  ( 

const  mshn_data  *the_cert, 

.  int  *cert_revoked)  ; 

//This  function  will  return  the  public  key  for  the  subject 
//  associated  with  the  specified  certificate, 
int  mshn_sl_getjpublic_key  ( 

const  mshn_data  *the_cert, 

mshn_data  *public_key) ; 

//  This  function  will  return  the  private  key  for  the 
//  specified  subject. 

int  mshn_sl_getjprivate_key  ( 

const  mshn_data  *public_key, 

mshn_data  *private_key) ; 

//  This  function  will  write  a  record  to  the  audit  log. 
int  mshn_sl_put_audit  ( 

const  char  *audit_record)  ; 

//  This  function  will  encrypt  the  specified  buffers  using 
//  the  specified  key  and  algorithm.  The  caller  of  this 
/ /  fimction  is  responsible  for  deleting  the  memory  returned 
//by  this  function. 

int  mshn_sl__encrypt  ( 

const  mshn_data  *the_key, 
int  the_alg, 

const  mshn_data  buffer  [], 
int  num_buf  f  er s , 

mshn_data  *enc_buff [] , 

int  *num_encbuffs, 

int  *bytes_enc )  ; 

//  This  fxinction  will  decrypt  the  specified  buffers  using 
//  the  specified  key  and  algorithm.  The  caller  of  this 
//  function  is  responsible  for  deleting  the  memory  returned 
//by  this  function. 

int  mshn_sl_decrypt  ( 

const  mshn_dat a  * t he_key , 
int  the_alg, 

const  mshn_data  enc_buff[], 
int  num_encbuf  f  s , 

mshn_data  *buffer[]  , 
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int  *num_buffers, 

int  *bytes__dec)  ; 


//  This  function  will  create  a  key  to  be  used  with  symmetric 
//  encryption/decryption. 

int  mshn_sl_sym__key_gen  ( 


int 

int 

const  mshn_data 
const  char 
mshn  data 


the_alg, 

key_size, 

salt, 

*key__label , 
*the_key)  ; 


//  This  function  will  create  a  piablic -private  key  pair  to  be 
//  used  with  asymmetric  encryption/decryption, 
int  mshn_sl_asym_key_gen  ( 


int 
int 

const  mshn_data 
const  char 
const  char 
const  char 
mshn  data 


the_alg, 

key_size, 

salt, 

*public_label , 
*private_label , 
*passphrase, 
*the_key) ; 


int 


//  This  fiinction  will  hash  the  specified  buffers  and 
//  generate  a  message  digest. 

mshn_sl_msg_digest  ( 
int  the_alg, 

const  mshn_data  buffer [], 
int  num_buffers, 

mshn  data  ^digest) ; 


// 

// 

// 

// 


This  function  will  produce  a  signature  for  the  specified 
data.  First  the  data  will  imdergo  a  message  digest 


operation.  The  result  of 
encrypted  to  generate  the 
int  mshn__s  l_s  ign  ( 

int 
int 

const  mshn_data 
const  char 
const  mshn_data 
int 

mshn  data 


the  message  digest  will  then  be 
signature. 

the__alg , 
hash___alg, 

*the_key, 

♦password, 
buffer  []  , 
num_buf f ers , 

^signature) ; 


//  This  function  will  verify  a  signature  on  the  specified 
//  data.  First  the  data  will  undergo  a  message  digest 
//  operation.  The  result  of  the  message  digest  will  be 
//  compared  to  the  decryption  of  the  specified  signature, 
int  mshn_sl_sig_verify  ( 

int  the_alg, 

int  hash_alg. 
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const  mshn_data 
const  mshn_data 
int 

const  mshn_data 
int 

//  This  function  will  return  a  character  string  description 
//  of  the  specified  error  code.  The  caller  of  this  function 
//  is  responsible  for  deleting  the  memory  returned  by  this 
//  function. 

char  *mshn_sl_show_error  ( 

int  the_error)  ; 


*the_key, 
buffer  []  , 
num__buf  f  e  r  s , 
* signature, 
*sig_valid) ; 


private : 

//  Get  the  error  code  from  the  xinderlying  services 
int  get_error  ( )  ; 

//  Find  the  chosen  algorithm  structure 
int  find__alg_params  ( 

int  the__id, 

struct  alg_j>arams  &the_params)  ; 

//  Copy  from  the  underlying  key  structure  to  a  mshn_data 

//  structure 

int  key__to_mshn_data  ( 

void  *key_ptr, 

mshn_data  *the_key)  ; 

//  Copy  from  a  mshn_data  structure  to  the  underlying  key 

/ /  structure 

int  mshn_data_to_key  { 

const  mshn_data  *the_key, 
void  **keyjptr) ; 


}; 

#endif 


B.  MSHN_SL.CPP 

//************★*********************★******************************** 
//  File:  inshn_sl.cpp 

//  Name:  David  Shifflett  &  Roger  Wright 

// 

//  Project:  MSHN 

// 

//  Operating  Environment:  Windows  95/Windows  NT 
//  Compiler:  Borland  C++  for  Windows 
//  Date:  18  MAY  98 

//******************************************************************* 
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//  Description:  Security  services  for  MSHN  components 
//  MSHN  Security  layer  class 


#include 

#include 

#include 

#include 

#include 

#include 

#include 

#include 

#include 

#include 


<stdio.h> 
<iostream.h> 
<cssm.h> 
<x509defs .h> 
”mshn_sl  .h" 

”  mshn_de  f  s .  h  ” 
”mshn_err  .h" 
”mshn_mem.h" 
"mshnUtil  .h" 
"showutil .h” 


//  constructor 
mshn_sl :  :mshn_sl  { ) 

{ 

CL_handle  =  CSSM_INVALID_HANDLE; 

CSP_handle  =  CSSM_INVALID_HANDLE; 

DL_handle  =  CSSM_1NVALID_HAMDLE ; 

TP_handle  =  CSSM_INVALID_HANDLE ; 
sig_Context  =  CSSM_INVAIiID_HANDLE; 
sym_context  =  CSSM_INVALID_HAIIDLE  ; 
asym_context.  =  CSSM_INVALID_HANDLE; 
dig_context  =  CSSM_INVALID_HANDLE; 
ran_context  =  CSSM_INVALID_HANDLE; 
)cey_gen_context  =  CSSM_INVALID_HANDLE; 
for  (int  idx=0 ;  idx  <  NUM_DS_HANDLES;idx++)  { 
ds_handles [idx]  =  CSSM_INVALID_HANDLE ; 
ds_names [idx]  =  NULL; 

} 

initialized  =  MSHN_FALSE; 
alg_param_array  =  NULL; 

} 

//  destructor 
mshn_sl : : -mshn_sl ( ) 

if  (algjparam_array  1=  NULL)  { 
mshn_f ree (alg_param_array,  NULL) ; 
alg__param_array  =  NULL; 

for  (int  idx=0;  idx  <  NUM__DS_HANDLES ; idx++)  { 
if  (ds_names [idx]  I =  NULL)  { 

mshn_f  ree  (ds_names  [idx]  ,  NULL)  ; 
ds_names  [idx]  =  NULL; 

} 

} 

} 
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//  The  Security  Layer  databases  will  be  filled  in  based  on 
//  the  values  in  the  configuration  file.  The  imderlying 
//  security  services  will  be  "attached"  based  on  the 
//  configuration  values.  Any  necessary  security  "contexts" 

//  will  be  created  by  this  function. 

//  Input:  Configuration  file  name. 

//  Output:  error  code. 

//  Process:  This  method  performs  initialization  tasks  as  required  by 
//  the  underlying  security  API.  The  mshn_sl_init  method  will  read  the 
//  configuration  file  specified  by  the  input  parameter  and  initialize 
//  the  CSSM,  and  add-in  modules  according  to  the  configuration  values. 
//  An  error  code  is  returned  if  the  initialization  is  unsuccessful. 

//  (For  simplicity,  the  demonstration  program  uses  a  dummy  file  name. 
//  The  actual  initialization  data  is  encoded  as  constants  in  the 
//  method.) 


int  mshn_sl :  :mshn_sl_init  ( 
const  char 

{ 

int  result  =  MSHN  OK; 


*  conf  ig_f  i  le_name ) 


if  (initialized  ==  MSHN_TRUE)  { 
result  =  MSHN_INITIAIiIZED; 

}else{ 

//  initialize  CSSM 

CSSM_RETDEN  retval  =  MSHN_CSSM_INIT ( ) ; 
if  (retval  !=  CSSM_OK)  { 

result  =  get_error(); 

}else{ 

//  Now  initialize  the  crypto  algorithm  structures 
//  In  the  future,  get  this  from  a  config  file 
alg_param_array  = 

(alg_params  *)  mshn_malloc (sizeof (alg_params) 

*  MSHN_NUM_ALG_IDS,  NULL) ; 
alg_param_array [0] .mshn_id  =  MSHN_ALG_DES; 

alg__param_array [0] .alg_id  =  CSSM_ALGID_DES; 

alg_param_array [0] .alg_mode  =  CSSM_ALGM0DE_CBCPadIV8; 

alg_jparam_array [0] .alg_padding  =  CSSM_PADDING_PKCS5; 

alg_param_array [1] .mshn_id  =  MSHN_ALG_MD5 ; 

alg_param_array [1] .alg_id  =  CSSM_ALGID_MD5 ; 

alg_param_array [1] .alg_mode  =  0; 

algjparam_array [1] .alg_padding  =  0; 

alg_param_array [2] .mshn_id  =  MSHN_ALG_SHA; 

algjparam_array [2] .alg_id  =  CSSM_ALGID_SHAlWithDSA; 

alg_param_array [2] .alg_mode  =0; 

alg_param_array [2] .alg_padding  =  0; 
alg_param_array [3] .mshn_id  =  MSHN_ALG_DSA; 
alg_param_array [3] .alg_id  =  CSSM_ALGID_DSA; 

alg__param_array  [3]  .alg_mode  =  0; 

alg_param_array [3] .alg_padding  =  0; 
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//  Now  attach  the  CSP,  CL,  DL  modules 
CSSM_LIST_PTR  pGUIDList ; 

CSSM_MODULE_INFO_PTR  pinf o ; 

MSHN_CSP_INIT (pGUIDList ,  pinfo,  CSP_handle) ; 
if  {CSP_handle  ==  CSSM_INVALID_HMroLE)  { 
result  =  get_error ( ) ; 

}else{ 

MSHN_CL_INIT (pGUIDList,  pinfo,  CL_handle) ; 
if  (CL_handle  ==  CSSM_INVALID_HaNDLE)  { 
result  =  get_error ( ) ; 

}else{ 

//  This  call  will  also  attach  a  data  store 
//  For  now  just  hard  code  datastore  name 
char  *hard_coded_name  =  "mshn" ; 
ds_names[0]  =  (char  *) 

mshn_malloc (strlen (hard_coded_name) +1,  NULL) ; 
strcpy (ds_names [0] ,  hard_coded_name) ; 

MSHN_DL_INIT (pGUIDList, 
pinfo, 

DL_handle, 
ds_handles [0] , 
ds_names) ; 

if  ( (DL_handle  ==  CSSM_INVALID_HANDLE)  [ ] 

(ds_handles[0]  ==  CSSM_INVALID_HANDLE) )  { 

result  =  get_error ( ) ; 

}else{ 

//  For  now  ignore  Trust  Policy  module 
initialized  =  MSHN_TRDE; 

} 

} 

} 

} 

} 

return  result; 

} 

//  This  function  will  create  a  certificate  with  the  provided 
//  parameters. 

/ /  Input :  certificate  fields . 

//  Output:  error  code,  pointer  to  a  certificate. 

//  Process:  This  method  will  create  a  certificate  to  include  the 
//  public -private  key  pair  associated  with  it.  The  certificate  created 
//  will  contain  the  public  key,  while  the  private  key  is  placed  into  a 
//  secure  key  storage  facility.  An  error  code  is  returned  if  the 
//  initialization  is  unsuccessful.  (This  method  is  not  implemented  in 
//  the  demonstration  program.  Instead,  we  used  the  certificate  manager 
//  supplied  by  CDSA  to  create  the  certificates  needed  for  the 
//  demonstration.) 
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int  mshn_sl :  :mshii__sl__create_cert  ( 

const  char  *issuernaTne, 

const  char  *subjectname, 

const  char  *valid_from, 

const  char  * validate, 

int  key_alg, 

const  mshn_data  *public_key, 
mshn_data  *new__cert) 

{ 

int  result  =  MSHN_OK; 

if  (initialized  ==  MSHN_FALSE)  { 
result  =  MSHN_NOT_INITIALIZED; 

}else{ 

cout  <<  "Function  *mshn_sl_create_cert '  not  implemented  yet" 

<<  endl; 

} 

return  result; 

} 

//  This  function  will  find  and  return  the  certificate  for  the  specified 
//  subject. 

//  Input:  certificate  subject  name. 

//  Output:  error  code,  pointer  to  a  certificate. 

//  Process:  This  method  will  search  the  certificate  database  for  a 
//  certificate  whose  subject  name  matches  the  input  parameter  and  if 
//  found,  returns  the  requested  certificate.  The  method  uses  CSSM  Data 
//  library  functions  to  query  the  database.  An  error  code  is  returned 
//if  the  operation  was  unsuccessful. 

int  mshn_sl :  :mshn__sl_get_cert  ( 
const  char 
mshn_data 

{ 

int  result  =  MSHN_OK; 
the_cert->the_length  =  0; 
the_cert->the_data  =  NULL; 

if  (initialized  ==  MSHN_FM,SE)  { 
result  =  MSHN_NOT_INITIALIZED; 

}else{ 

CSSM_DL_DB_HANDLE  dbHand; 
dbHand . DLHandl e  =  DL_handl e ; 
dbHand. DBHandle  =  ds_handles [0] ; 

CSSM_HANDLE  ResultsHandle  =  NULL; 

CSSM_QUERY  Query; 

CSSM  BOOL  EODS; 


♦siibjectname, 
♦the  cert) 
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CSSM_DATA__PTR  certdata  = 

(CSSM_DATA_PTR)Tnshn_malloc  (sizeof  (CSSM_DATA)  ,  NULL)  ; 
CSSM_DB_UNIQUE_RECORD_PTR  record_ptr; 

//  Use  a  NULL  filter  to  CSSM  to  get  all  certificates  in  database 
Query. NumSelectionPredicates  =  0; 

Query.  Select  ionPredicate  =  NULL; 

Query  .RecordType  =  CSSM_DL_DB_RECORD_CERT; 

Query .  Conjunctive  =  CSSM_DB_NONE; 
record_jptr  =  CSSM_DL_DataGetFirst  (dbHand, 

&Query, 

&ResultsHandle , 

&E0DS , 

NULL, 

certdata) ; 

#ifdef  DEBUG_MSHN_CERT 

cout  <<  "CSSM_DL_DataGetFirst  done"  <<  endl; 

#endif 

show__error  ( ”CSSM_DL_DataGet First" )  ; 

CSSM_ClearError ( )  ; 

//  if  end  of  data  store  before  we  even  begin, . . 
if  (  (EODS  ==  CSSM__TRUE)  |  |  (record__ptr  ==  NULL)  )  { 

cout  <<  ”Tnshn__sl_get_cert :  ERROR  =  Couldn*t  get  first  record" 
<<  endl; 

}else{ 

int  cntr  =  1; 
int  found  =  0; 

while  ({EODS  ==  CSSM_FALSE)  &&  ! f oxmd) 

{ 

//  now  find  the  certificate  matching  the  sxibject 
#ifdef  DEBUG_MSHN_CERT 

cout  <<  "get_cert__f ield"  <<  endl; 

#endif 


CSSM_DATA_PTR  sdata  =  get_cert_f ield { 

certdata, 

CL__handle , 

CSSM0ID_X5  0  9VlSub  j  ectName ) 

#ifdef  DEBUG_MSHN_CERT 

cout  <<  "get_cert_f ield  done"  <<  endl; 

#endif 

CSSM_DATA_PTR  pstring; 

pstring  =  (CSSM_DATA_PTR)  CSSM_CL_PassThrough  ( 

CL^handle , 

0, 

INTEL_X5  0  9V3_PASSTHROUGH_TRANSLATE_DERNAME_TO_STRING 
sdata) ; 

#ifdef  DEBUG_MSHN_CERT 

show_data_char {*pstring,  "trying  subject  name")  ; 
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#endif 


CSSM_DL_FreeUniqueRecord(dbHand,  recordj)tr)  ; 

if  (Tnatch_field(pstring,  subjectname,  ,  4) 
==  CSSM_TRUE)  { 
found  =  1; 

the_cert->the_length  =  certdata->Length; 
the_cert->the_data  =  certdata->Data; 

#ifdef  DEBUG__MSHN_CERT 

show_cert_fields (certdata,  CL_handle) ; 


#endif 


}else{ 

//  Get  the  next  certificate 
mshn_free (certdata- >Data,  NULL) ; 
record_ptr  =  CSSM__DL__DataGetNext  (dbHand/ 

Result  sHandl e , 
&EODS , 

NULL, 

certdata) ; 

show_error  ( ”CSSM_DL_DataGetNext  *' )  ; 
CSSM_ClearError ( ) ; 

} 

mshn_free (sdata->Data,  NULL); 
mshn_free (pstring->Data,  NULL) ; 

} 

if  ( !  f  oimd) 

result  =  MSHN_CERT_NOT_FOUND; 

} 

mshn_free (certdata,  NULL) ; 

//  Done  querying  for  information 


if  (ResultsHandle) 

CSSM_DL_AbortQuery  (dbHand,  ResultsHandle)  ; 


} 

return  result; 


//  This  function  will  determine  if  the  specified  certificate  is  valid, 

//  Input:  pointer  to  a  certificate. 

//  Output:  error  code.  Boolean. 

//  Process:  This  method  will  check  the  signature  on  a  given  certificate 
//  and  return  a  Boolean  value  based  upon  the  signature  verification. 

//  (This  method  is  not  currently  implemented  in  the  demonstration 
//  program.  If  called,  it  will  always  return  true.) 


int  mshn_sl :  :mshn_sl_cert_verify  ( 

const  mshn_data  *the_cert, 

int  *cert  valid) 
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{ 


int  result  =  MSHN_OK; 

*cert_valid  =  MSHN_FALSE; 

if  (initialized  ==  MSHN_FALSE)  { 
result  =  MSHN_NOT_INITIALIZED; 

}else{ 

//  For  now  don't  bother  verifying  the  certificate 
*cert_valid  =  MSHN_TRUE; 

} 

return  result; 

} 

//  This  function  will  determine  if  the  specified  certificate  has  been 
//  revoked. 

//  Input:  pointer  to  a  certificate. 

//  Output:  error  code.  Boolean. 

//  Process:  This  method  will  check  a  given  certificate  against  a 
//  certificate  revocation  list  and  return  a  Boolean  value  depending  on 
//  the  revocation  status.  (This  method  is  not  currently  in^lemented  in 
//  the  demonstration  program.  If  called,  it  will  always  return  false.) 

int  mshn_sl :  :mshn_sl_cert_revoked  ( 

const  mshn_data  *the_cert, 

int  *  cert_r evoked) 

{ 

int  result  =  MSHN_OK; 

*cert_revoked  =  MSHN_TRUE; 

if  (initialized  ==  MSHN_FALSE)  { 
result  =  MSHN_NOT_INITIALIZED; 

}else{ 

//  For  now  don't  bother  checking  the  revocation  list 
*cert_revoked  =  MSHN_FALSE; 

} 

return  result; 

} 

//  This  function  will  return  the  pxiblic  key  for  the  subject  associated 
//  with  the  specified  certificate. 

//  Input:  pointer  to  a  certificate. 

//  Output:  error  code,  pointer  to  a  public  key. 

//  Process:  This  method  will  return  a  public  key  obtained  from  a  given 
//  certificate.  The  method  uses  CSSM  Certificate  library  fimctions  to 
//  extract  the  key  data.  An  error  code  is  returned  if  the  operation  was 
//  xinsuccessf ul . 

int  mshn_sl :  :mshn__sl_get_public_key  ( 

const  mshn_data  *the_cert, 
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{ 


itishn  data 


*public_key) 


int  result  =  MSHN_OK; 
public_key->the_length  =  0; 
public_key->the_data  =  NULL; 

if  (initialized  ==  MSHN_FALSE)  { 
result  =  MSHN_NOT_INITIALIZED; 

}else{ 

CSSM_DATA_PTR  temp_cert  = 

(CSSM_DATA_PTR)mshn_malloc (sizeof (CSSM_DATA) ,  NULL) ; 
temp_cert->Length  =  the_cert->the_length; 
temp_cert->Data  =  the_cert->the_data; 

#ifdef  DEBUG_MSHN_CERT 

show_cert_fields (temp_cert,  CL_handle) ; 

#endif 


CSSM_KEY_PTR  temp_key  = 

{CSSM_KEY_PTR)mshn_malloc (sizeof (CSSM_KEy) ,NULL) ; 
temp_key  =  CSSM_CL_CertGetKeyInfo (CL_handle,  ten^_cert) ; 
show_error ( "CSSM_CL_CertGetKeyInf o" ) ; 
result  =  get_error ( ) ; 

key_to_mshn_data (ten^_key,  public_key) ; 

#ifdef  DEBUG_MSHN_CERT 

show_key (teir5)_key,  "Public  Key")  ; 

#endif 

//  Now  clean  up  the  allocated  memory 
mshn_free (temp_cert,  NULL) ; 
mshn_free (ten^_key->KeyData.Data,  NULL) ; 
mshn_f ree  (teit5)_key,  NULL)  ; 

} 

return  result; 

} 

//  This  function  will  return  the  private  key  for  the  specified  subject. 
//  Input:  pointer  to  a  public  key. 

//  Output:  error  code,  pointer  to  a  private  key. 

//  Process:  This  method  will  return  a  reference  to  a  private  key  given 
//  the  associated  public  key.  The  method  uses  CSSM  Cryptographic 
//  Service  Module  fiinctions  to  retrieve  the  key  data  from  the  CSP  key 
//  storage  file.  The  private  key  is  never  openly  exposed  to  the 
//  application  program.  Instead,  the  pointer  returned  references  an 
//  encrypted  copy  of  the  private  key.  The  private  key  can  only  be  used 
//  when  it  is  accompanied  by  its  pass  phrase.  An  error  code  is  returned 
//if  the  operation  was  unsuccessful. 

int  mshn_sl:  :mshn_sl_getjprivate_key  ( 

const  mshn_data  *public_key, 

mshn_data  *private_key) 

{ 
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int  result  =  MSHN__OK; 
private_key->the_length  =  0; 
private_key~>the_data  =  NULL; 

CSSM_KEY__PTR  temp_key  =  NULL; 

if  (initialized  ==  MSHN_FALSE)  { 
result  =  MSHN_NOT_INITIALIZED; 

}else{ 

//  convert  inputs  into  CDSA  structure 
void  *temp_pub_key  =  NULL; 

mshn_data_to_key  (public_key,  &temp_piab_key)  ; 

#ifdef  DEBUG_MSHN_KEy 

show_key  {  (CSSM_KEY__PTR)  temp_pTab__key,  "piiblic  key"); 

#endif 

temp_key  =  (CSSM_KEY_PTR)  mshn^malloc  (sizeof  (CSSM_KEY)  ,WJhh)  ; 


/ /  setting  these  fields  to  NULL  will  tell  the  CSP  to  allocate  the 
//  memory  for  us 

temp_key- >KeyData , Data  =  NULL; 
temp_key- >KeyData . Length  =  0; 

CSSM_RETURN  ok_key; 

ok_key  =  CSSM_CSP_ObtainPrivateKeyFromPTiblicKey  { 

CSP__handle,  (CSSM_KEY_PTR)  temp_pub__key,  temp_key)  ; 

if  (ok__key  !=  CSSM_OK)  { 

show_error  ( "CSSM_CSP_ObtainPrivateKeyFromPublicKey" )  ; 
result  =  get_error(); 

}else{ 

key_to_mshn_data  (temp_key,  private_key)  ; 

#ifdef  DEBUG_MSHN_KEY 

show_key  (  (CSSM_KEY_PTR)  temp_key,  "private  key")  ; 

#endif 

} 

//  Now  clean  up  the  allocated  memory 
CSSM_KEY_PTR  pKey  =  {CSSM_KEY_PTR)temp_j)ub_key; 
mshn_free  {pKey->KeyData.Data,  NULL)  ; 
mshn_f ree  (pKey,  NULL)  ; 

mshn_f  ree  ( temp_key- >KeyData . Data ,  NULL)  ; 
mshn_free  {temp___key,  NULL)  ; 

} 

return  result; 

} 

//  This  function  will  write  a  record  to  the  audit  log. 

//  Input:  audit  record. 

//  Output:  error  code. 

//  Process:  This  method  will  post  a  transaction  to  the  MSHN  audit 
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//  server.  (The  inshn_sl_put_audit  method  is  not  currently  in^lemented 
//  in  the  demonstration  program.) 

int  mshn_sl:  :mshn__sl_put_audit  ( 

const  char  *audit_record) 

{ 

int  result  =  MSHN_OK; 

if  (initialized  ==  MSHN_FALSE)  { 
result  =  MSHN_NOT_INITIALIZED; 

}else{ 

//  For  now  just  output  the  audit  data 
cout  <<  audit_record  <<  endl; 

} 

return  result; 

} 

//  This  function  will  encrypt  the  specified  buffers  using  the  specified 
//  key  and  algorithm.  The  caller  of  this  fimction  is  responsible  for 
//  deleting  the  memory  returned  by  this  function. 

//  Input:  pointers  to  a  key,  array  of  input  buffers,  and  a  count  of  the 
//  number  of  input  buffers,  and  an  algorithm  identifier. 

//  Output:  error  code,  pointer  to  an  array  of  encrypted  buffers,  a 
//  coxmt  of  the  number  of  encrypted  buffers,  and  a  count  of  the  total 
//  number  of  bytes  encrypted. 

//  Process:  This  method  will  accept  a  data  buffer  and  key,  and  return 
//  an  encrypted  copy  of  the  input  data.  The  method  uses  CSSM 
//  Cryptographic  Service  Module  functions  to  encrypt  the  data  based  upon 
//  the  key  type  and  algorithm  chosen.  This  method  supports  both 
//  symmetric  and  asymmetric  algorithms.  (Only  symmetric  encryption  is 
//  operational  in  the  demonstration  program.  The  Intel  CSP  lacks  the 
//  implementation  of  a  public  key  algorithm.)  An  error  code  is  returned 
//  if  the  operation  was  unsuccessful. 

int  mshn__sl:  :mshn_sl__encrypt  ( 

const  mshn_data  *the_key, 
int  the_alg, 

const  mshn__data  buffer []  , 
int  num_buf  f  er  s , 

mshn_data  *enc_buf f [] , 

int  *num_encbuffs, 

int  *bytes_enc ) 

{ 

int  result  =  MSHN_OK; 

struct  alg_params  thej)aranis; 

unsigned  int  bytes_encrypted  =  0; 

CSSM_CC_HANDLE  hCC; 

#if  defined (DEBUG_MSHN_KEY)  | |  defined (DEBUG_MSHN_ENCRYPT) 
char  debug_in[80] ; 

#endif 
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for  (int  x=0;  x<*num_encbuffs ;  x++)  { 

enc_buf f [x] ->the_data  =  NULL; 
enc_buf f [x] ->the_length  =  0; 

} 

*nuin_encbuf  f  s  =  0; 

*bytes_enc  =  0; 

//  make  sure  we  have  enough  output  buffers 
if  (initialized  ==  MSHN_FALSE)  { 
result  =  MSHN_NOT_INITIALIZED; 

}else{ 

//  Get  the  algorithm  parameters 

result  =  find_alg_params (the_alg,  the _j)arams) ; 

} 

if  (result  ==  MSHN_OK)  { 

/ /  convert  inputs  into  CDS A  structure 
void  *temp_key  =  NULL; 
mshn_data_to_key  (the_key,  &tetrp_key)  ; 

#ifdef  DEBUG_MSHN_KEy 

show_key ( (CSSM_KEy_PTR) temp_key,  "encrypt  key") ; 

cout  «  endl  «  "Press  enter  cin.getline (debug_in,  80); 

#endif 

#ifdef  DEBUG_MSHN_ENCRYPT 

show_data_ptr ( ( CSSM_DATA_PTR)  buf f er , 

"encrypt  input  ",  num_buffers) ; 
cout  «  endl  <<  "Press  enter  ";  cin.getline (debug_in,  80); 

#endif 

//  create  encryption  context 

hCC  =  CSSM_CSP_CreateSymmetricContext (CSP_handle, 

the_params . alg_id, 
the  jparams . alg_mode , 
(CSSM_KEY_PTR)  teitp_key, 
NULL,  //  no  initial  vector 
the_params . alg_padding , 

0  //  0  rounds 

)  ; 

if  (hCC  ==  0)  { 

cout  <<  "Error  creating  encrypt  context"  <<  endl; 
show_error ( "CSSM_CSP_CreateSymmetricContext" ) ; 
result  =  get_error ( ) ; 

.  } 

//  Now  clean  up  the  allocated  memory 
CSSM_KEY_PTR  pKey  =  (CSSM_KEY_PTR)temp_key; 
mshn_free (pKey->KeyData,Data,  NULL) ; 
mshn_free (pKey,  NULL) ; 

} 

if  (result  ==  MSHN_OK)  { 

CSSM_QUERY_SIZE_DATA  queryData [10] ; 
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for  (int  X  =  0;  x<nuni_buf fers;  x++)  { 

queryData [x] . SizeInputBlock  =  buf fer [x] . the_length; 
queryData [x] .SizeOutputBlock  =  0; 


CSSM_QuerySize (hCC, 

CSSM_TRUE,  //  for  encryption 
num_buf f ers , 

&queryData [0] ) ; 

//  allocate  memory  to  hold  the  encrypted  bits 
for  (int  X  =  0;  x<num_buffers;  x++)  { 

enc_buf f [x] ->the_length  =  queryData[x].SizeOutputBlock; 
enc_buff  [x]  ~>the__data  =  (iinsigned  char*) 
mshn_malloc (queryData [x] . SizeOu tputB lock, NULL) ; 

#ifdef  DEBUG_MSHN_ENCRYPT 

cout  <<  "encrypt  length:  "  <<  enc_buf f  [x] ->the_length  <<  endl; 

#endif 

} 

unsigned  int  temp_encrypted  =  0; 

CSSM_RETURN  cssmstatus; 

CSSM_DATA  remData; 
remData . Length  =  0; 
remData. Data  =  0; 

for  (int  x=0;  ( (x<num_buffers)  &&  (result  ==  MSHN_OK) ) ;  x++)  { 

cssmstatus  =  CSSM_EncryptData (hCC, 

(CSSM_DATA_PTR)  &buf f er [x] , 

1,  //  number  of  input  buffers 

{CSSM_DATA_PTR)  enc_buf f [x] , 

1,  //  number  of  enc  buffers 

&temp_encrypted, 
aremData 
)  ; 

bytes_encrypted  +=  temp_encrypted; 

#ifdef  DEBUG__MSHN_ENCRYPT 

show_data_ptr  (  (CSSM_DATA_PTR)  enc_buf  f  [x]  ,  "Encrypted"  ,  1)  ; 
cout  <<  endl  <<  "Press  enter  cin.getline (debug^in,  80); 

#endif 


if (remData. Data  1=  NULL)  { 

cout  <<  "rem  data  not  null,  rem  data  length:  " 
<<  remData . Length  <<  endl; 
mshn_free ( remData. Data, NULL) ; 

} 

if  (cssmstatus  1=  CSSM_OK)  { 
result  =  get_error() ; 

} 
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CSSM  DeleteContext (hCC) ; 


} 


if  (result  ==  MSHN_OK)  { 

*num_encbuffs  =  num_buffers; 
*bytes_enc  =  bytes_encrypted; 

} 

return  result; 

} 


//  This  function  will  decrypt  the  specified  buffers  using  the  specified 
//  key  and  algorithm.  The  caller  of  this  function  is  responsible  for 
//  deleting  the  memory  returned  by  this  function. 

//  Input:  pointers  to  a  key,  array  of  input  buffers,  and  a  count  of  the 
//  number  of  input  buffers,  and  an  algorithm  code. 

//  Output:  error  code,  pointer  to  an  array  of  decrypted  buffers,  a 
//  count  of  the  number  of  decrypted  buffers,  and  a  count  of  the  total 
//  number  of  bytes  decrypted. 

I j  Process:  This  method  will  accept  a  data  buffer  and  key,  and  return  a 
//  decrypted  copy  of  the  input  data.  The  method  uses  CSSM  Cryptographic 
//  Service  Module  functions  to  decrypt  the  data  based  upon  the  key  type 
//  and  algorithm  chosen.  This  method  supports  both  symmetric  and 
//  asymmetric  algorithms.  (Only  symmetric  decryption  is  operational  in 
//  the  demonstration  program)  .  Aa  error  code  is  returned  if  the 
//  operation  was  imsuccessful . 


int  mshn__sl :  :mshn_sl_decrypt 
const  mshn__data 
int 

const  mshn_data 
int 

mshn__data 

int 

int 

{ 


( 

*the_key, 
the_alg, 
enc_buf  f  []  , 
num_encbuffs, 
★buffer  []  , 
*num_buffers, 
*bytes_dec) 


int  result  =  MSHN_OK; 

struct  alg_j)arams  the_j)arams; 

unsigned  int  bytes_decrypted  =  0; 

CSSM_CC_HANDLE  hCC; 

#if  defined  (DEBUG_MSHN_KEY)  |  |  defined  (DEBtJG_MSHN__ENCRyPT) 
char  debug_in [80]  ; 

#endif 


for  (int  x=0;  x<*num_buffers;  x++)  { 

buf  fer  [x] ->the__data  =  NULL; 
buf  fer  [x] ->the_length  =  0; 

} 

*num__buf  fers  =  0; 

*bytes_dec  =  0; 
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//  make  sure  we  have  enough  output  buffers 

if  (initialized  ==  MSHN_FALSE)  { 
result  =  MSHN__NOT_INITIALIZED; 

}else{ 

//  Get  the  algorithm  parameters 

result  =  find_alg_j)arams  (the_alg,  the_params)  ; 

} 

if  (result  ==  MSHN_OK)  { 

//  convert  inputs  into  CDS A  structure 
void  *temp_key  =  NULL; 
mshn_data_to_key  (the_key,  &temp_key)  ; 

#ifdef  DEBUG_MSHN_KEY 

show_key  ( (CSSM_KEY__PTR)  temp_key,  "encrypt  key")  ; 

cout  <<  endl  <<  "Press  enter  cin.getline  (debug_in,  80); 

#endif 

#ifdef  DEBUG_MSHN_DECRYPT 

show_data_ptr  (  (CSSM_DATA_PTR)  enc_buf  f , 

"To  Be  Decrypted",  num_encbuffs) ; 
cout  «  endl  <<  "Press  enter  ";  cin.getline (debug_in,  80); 

#endif 


//  create  encryption  context 

hCC  =  CSSM_CSP__CreateSymmetricContext  (CSP__handle, 

the^arams .  alg_id, 
the  jparams .  alg_mode , 
(CSSM_KEY_PTR)  temp_key, 
NULL,  //  no  initial  vector 
the^params .  alg_padding, 

0  //  0  rounds 

); 

if  (hCC  ==  0) 

{ 

cout  <<  "Error  creating  decrypt  context"  <<  endl; 
show_error ( "CSSM_CSP_CreateSymmetricContext " ) ; 
result  =  get_error() ; 

} 

//  Now  clean  up  the  allocated  memory 
CSSM_KEY_PTR  pKey  =  (CSSM_KEY_PTR)  temp_key; 
mshn_f  ree  (pKey-  >KeyData .  Data ,  NULL)  ; 
mshn_f ree  (pKey,  NULL)  ; 

} 

if  (result  ==  MSHN_0K)  { 

//  this  is  the  return  value 
CSSM_QDERY_SIZE_DATA  queryData [10] ; 

for  (int  X  =  0;  x<num_encbuffs;  x++)  { 

queryData [x] .SizeInputBlock  =  enc_buf f [x] .the_length; 
queryData [x] . SizeOutputBlock  =  0; 
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} 

CSSM_QuerySize (hCC, 

CSSM_FALSE,  //  for  decryption 
num_encbuf  f  s , 

&gueryData [0] ) ; 

//  allocate  memory  to  hold  the  encrypted  bits 
for  (int  X  =  0;  x<num_encbuffs;  x++)  { 

buffer [x] ->the_length  =  gueryData[x].SizeOutputBlock; 
buffer [x] ->the_data  =  (unsigned  char*) 
mshn_malloc (queryData [x] .SizeOutputBlock,NULL) ; 

#ifdef  DEBUG_MSHN_DECRYPT 

cout  <<  "decrypt  length:  "  <<  buffer [x] ->the_length  <<  endl; 

#endif 

} 

imsigned  int  temp_decrypted  =  0; 

CSSM_RETIJRN  cssmstatus; 

CSSM_DATA  remData; 
remData . Length  =  0; 
remData . Data  =  0 ; 

for  (int  x=0;  ( (x<num_encbuffs)  &&  (result  ==  MSHN_OK) ) ;  x++)  { 

cssmstatus  =  CSSM_DecryptData (hCC, 

(CSSM_DATA_PTR)  &enc_buf f [x] , 

1,  //  number  of  input  buffers 

(CSSM_DATA_PTR)  buf f er [x] , 

1,  //  number  of  dec  buffers 

&temp_decrypted , 

SiremData 

)  ; 

bytes_decrypted  +=  temp_decrypted; 

#ifdef  DEBUG_MSHN_DECRYPT 

show_data_ptr ( (CSSM_DATA_PTR)  buffer [x],  "Decrypted",  1) ; 
cout  <<  endl  «  "Press  enter  cin.getline  (debug_in,  80); 

#endif 

if (remData. Data  !=  NULL)  { 

cout  «  "rem  data  not  null  "  «  "rem  data  length:  " 

«  remData . Length  <<endl; 
mshn_free (remData. Data, NULL) ; 

} 

if  (cssmstatus  1=  CSSM_OK)  { 

show_error ( " CSSM  Decrypt :  " ) ; 
result  =  get_error(); 

} 

CSSM  DeleteContext (hCC) ; 


} 

} 
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if  (result  ==  MSHN_OK)  { 

*bytes_dec  =  bytes_decrypted; 

*num_buffers  =  num_encbuffs; 

} 

return  result; 

} 

//  This  fiinction  will  create  a  key  to  be  used  with  symmetric 
//  encryption/decryption. 

//  Input:  algorithm  code,  key  size,  salt,  and  key  label. 

//  Output:  error  code,  pointer  to  a  key. 

//  Process:  This  method  generates  a  symmetric  key.  It  uses  CSSM 

//  Cryptographic  Service  Module  functions  to  create  the  key  data.  The 

//  salt  parameter  can  be  used  to  effectively  expand  the  key  size.  An 

//  error  code  is  returned  if  the  operation  was  \ansuccessful . 

int  mshn_sl:  :mshn_sl_sym_key_gen  { 

int  the_alg, 

int  key_size, 

const  mshn__data  salt, 
const  char  *key_label , 

mshn_data  *the_key) 

{ 

int  result  =  MSHN_OK; 
struct  alg_pararas  thejparams; 
the__key->the_data  =  NULL; 
the_key- >the_length  =  0; 

if  (initialized  ==  MSHN_FALSE)  { 
result  =  MSHN_NOT_INITIALI2ED; 

}else{ 

//  Get  the  algorithm  parameters 

result  =  f  ind_alg_params  {the_alg,  the_jparams)  ; 

} 

CSSM_REniRN  cssmstatus; 

CSSM_CC_HANDLE  hCC  =  NULL; 

if  (result  ==  MSHN_0K)  { 

hCC  =  CSSM_CSP_CreateKeyGenContext  ( 

CSP_handle,  //  CSP  handle 
thejparams .  alg_id, 

NULL,  //  pass  phrase  not  req  for  DES 

key_size,  //  key  size 

NULL,  //  seed 

NULL,  //  salt 

NULL,  //  start  date 

NULL,  //  end  date 

NULL) ;  //  params 
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if(hCC  ==  NULL) 

{ 

cout  <<  "Error  creating  key  generation  context"  <<  endl; 
show_error ( "CSSM_CSP_CreateKeyGenContext " ) ; 
result  =  get_error ( ) ; 

} 


if  {result  ==  MSHN_OK)  { 

CSSM_KEY_PTR  pKey  = 

(CSSM_KEY_PTR)mshn_malloc  (sizeof  (CSSM_KEY)  ,NULL)  ; 

/ /  setting  these  fields  to  NULL  will  tell  the  CSP  to  allocate 

//  the  memory  for  us 

pKey- >KeyData . Data  =  NULL; 

pKey- >KeyData . Length  =  0; 

CSSM_DATA  key_lab; 

key_lab . Length  =  strlen(key_label) ; 

#ifdef  DEBUG_MSHN_KEY 

cout  <<  "key  label  length:  "  <<  key_lab . Length  «  endl; 

#endif 

key_lab.Data  =  (imsigned  char*)  mshn_malloc  (key_lab. Length,  NULL)  ; 
stmcpy (key_lab.Data,  key_label,  key_lab. Length)  ; 

cssmstatus  =  CSSM_GenerateKey (hCC,  //  context  handle 

CSSM_KEYUSE_ANY,  //  usage 

CSSM_KEYATTR_RETURN_DEFAULT,  //  attributes 
&key_lab,  //  label 
pKey) ;  / /  the  key 

if (cssmstatus  !=  CSSM_OK) 

{ 

cout  <<  "Error  creating  CSSM  key”  <<  endl; 
show_error  (  "CSSM_GenerateKey" )  ; 
result  =  get_error(); 

}else{ 

key__to_mshn_data(pKey,  the_key)  ; 

#ifdef  DEBUG_MSHN_KEy 

show_key (pKey,  "DES  Key”)  ; 

void  *temp_key  =  NULL; 

mshn_data_to_key  ( the_key ,  &t emp_key )  ; 

show_key(  (CSSM_KEY_PTR)  temp_key,  "extracted  key")  ; 

//  Now  clean  up  the  allocated  memory 
CSSM_KEY_PTR  tpKey  =  {CSSiyi_KEY_PTR)  temp_key; 
mshn__f  ree  ( tpKey-  >KeyData .  Data ,  NULL)  ; 
mshn_free  (tpKey,  NULL)  ; 

#endif 

} 

//  Now  clean  up  the  allocated  memory 


104 


mshii_f  ree  ( key_lab .  Data ,  NULL )  ; 
mshn_free(pKey->KeyData.Data,  NULL)  ; 
mshn_f ree (pKey,  NULL) ; 

CSSM_DeleteContext (hCC) ; 

} 

return  result; 

} 

//  This  function  will  create  a  public-private  key  pair  to  be  used  with 
//  asymmetric  encryption/decryption. 

//  Input:  algorithm  code,  key  size,  salt,  key  labels,  and  pass  phrase 
//  for  the  private  key. 

//  Output:  error  code,  pointer  to  a  key  pair. 

//  Process:  This  method  generates  an  asymmetric  (public/private)  key 
//  pair.  The  private  key  is  placed  in  a  secure  key  storage  facility. 

//  (The  mshn_sl_asym_key_gen  method  is  not  implemented  in  the 
//  demonstration  program.  We  used  the  certificate  manager  that  came 
//  with  cpSA  to  create  the  certificates  needed  for  the  demonstration, 

//  Certificate  manager  generated  the  public/private  key  pairs  as  part  of 
//  the  certificate  creation  process.) 

int  mshn_sl:  :mshn_sl_asym_key_gen  ( 

int  the_alg, 

int  key_size, 

const  mshn_data  salt, 
const  char  *p\iblic_label, 

const  char  *private_label , 

const  char  *passphrase, 

mshn_data  *the_key) 

{ 

int  result  =  MSHN_OK; 

if  (initialized  ==  MSHN__FALSE)  { 
result  =  MSHN_NOT_INITIALIZED; 

}else{ 

cout  <<  "Function  ' mshn_sl_asym__key_gen *  not  implemented  yet” 

<<  endl; 

} 

return  result; 

} 

//  This  function  will  hash  the  specified  buffers  and  generate  a  message 
//  digest. 

//  Input:  pointer  to  an  array  of  input  buffers,  and  a  count  of  the 
//  number  of  input  buffers,  and  an  algorithm  identifier, 

//  Output:  error  code,  pointer  to  a  digest  structure. 

//  Process:  This  method  creates  a  message  digest  for  a  given  input 
//  buffer  of  data.  The  method  uses  CSSM  Cryptographic  Service  Module 
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//  functions  to  generate  the  digest,  based  upon  the  algorithm  chosen. 

//  The  demonstration  program  uses  the  MD5  algorithm  to  create  a  fixed 
//  size,  16  byte  digest  from  the  given  data.  An  error  code  is  returned 
//if  the  operation  was  unsuccessful. 


int  mshn_sl:  :mshn_sl_msg_digest  ( 


int 

const  mshn_data 
int 

mshn  data 


the_alg, 
buffer  []  , 
num__buf  f  ers , 
*digest) 


int  result  =  MSHN  OK; 


digest- >the_data  =  NULL; 
digest- >the__length  =  0; 
struct  algj>arams  the_params; 


if  (initialized  ==  MSHN_FALSE)  { 
result  =  MSHN_NOT_INITIALIZED; 

} 

else  { 

//  Get  the  algorithm  parameters 

result  =  find_alg_params {the_alg,  the_params) ; 


CSSM_RETURN  cssmstatus; 

CSSM_CC_HAMDLE  hdigestContext ; 

//  this  is  the  return  value 
CSSM_DATA_PTR  pDig  = 

{CSSM_DATA_PTR)mshn_malloc (sizeof (CSSM_DATA) ,NULL) ; 
pDig->Data  =  NULL; 
pDig->Length  =  0; 

if  (result  ==  MSHN_OK)  { 

hdigestContext  =  CSSM_CSP_CreateDigestContext ( 
CSP_handle ,  the_params . alg_id) ; 

if  (hdigestContext  ==  0) 

{ 

cout  <<  "Error  creating  digest  context"  <<  endl; 
show_error ( "CSSM_CSP_CreateDigestContext" ) ; 
result  =  get_error ( ) ; 

} 

} 

if  (result  ==  MSHN_OK)  { 

cssmstatus  =  CSSM_DigestData (hdigestContext , 

(CSSM_DATA_PTR)  buffer, 
num_buf fers, 
pDig) ; 

if  (cssmstatus  !=  CSSM_OK)  { 

cout  <<  "Digest  creation  failed"  <<  endl; 
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show__error  { "Digest  Error" )  ; 
result  =  get_error(); 

}else{ 

#ifdef  DEBUG_MSHN_SIGN 

cout  <<  "\nDigest  Size:  "  <<  pDig->Length  <<  endl; 

#endif 

digest- >the__data  =  pDig->Data; 
digest- >the_length  =  pDig->Length; 


} 


CSSM_DeleteContext (hdigest Context) / 

} 

mshn_free (pDig,  NULL) ; 


return  result; 


//  This  function  will  produce  a  signature  for  the  specified  data. 

//  First  the  data  will  undergo  a  message  digest  operation. 

//  The  result  of  the  message  digest  will  then  be  encrypted  to  generate 
//  the  signature. 

//  Input:  Signature  algorithm  identifier,  hash  algorithm  identifier, 

//  pointers  to  the  key,  key  passphrase,  and  input  data  buffers,  along 
//  with  a  count  of  the  number  of  buffers  provided. 

//  Output:  error  code,  pointer  to  a  signature  structure, 

//  Process:  This  method  creates  a  digital  signature  for  a  given  buffer 
//of  data.  This  method  supports  the  creation  of  signatures  using 
//  symmetric  and  asymmetric  keys.  For  example,  if  the  signature 
//  algorithm  identifier  is  DES,  and  hash  algorithm  identifier  is  MD5, 

//  then  the  method  will  create  an  MD5  digest  of  the  data,  and  encrypt 
//  the  digest  with  the  supplied  DES  key.  If  the  signature  algorithm 
//  identifier  is  DSA  (Digital  Signature  Algorithm)  ,  and  the  hash 
//  algorithm  identifier  is  SHA  (Secure  Hash  Algorithm),  the  method  will 
//  create  an  SHA  digest  of  the  data  and  encrypt  the  digest  with  the 
//  supplied  private  key.  An  error  code  is  returned  if  the  operation  was 
//  unsuccessful. 


int  mshn_sl :  :mshn_sl_sign  ( 
int 
int 

const  mshn_data 
const  char 
const  mshn_data 
int 

mshn_data 

{ 


the_alg, 
hash_alg, 
*the_key, 
♦password, 
buffer  []  , 
num__buf  f  ers , 
♦signature) 


int  result  =  MSHN_OK; 
int  alg_result  =  MSHN_OK; 
int  hash_result  =  MSHN_OK; 
signature ->the_data  =  NULL; 
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signature- >the_length  =  0; 

struct  alg_params  the_alg_params ,  hash_params ; 
void  *pKey; 

inshn_data_to_key(the_key,  &pKey)  ; 

CSSM_RETURN  cssmstatus; 

CSSM_CC_HANDLE  hSigContext ; 

CSSM_DATA_PTR  pSig  = 

(CSSM_DATA_PTR)ms]m_inalloc  (sizeof  (CSSM_DATA)  ,NULL)  ; 

CSSM_CRYPTO_DATA  cspData; 

CSSM_DATA  paramData; 

mshn_data  *encSigBuf f  [1] ; 

encSigBuff [0]  =  (mshn_data  *)mshn_inalloc (sizeof (mshn_data  *),  NULL) ; 


int  bytesEnc  =  0; 
int  nuitiEncBuffs  =  1; 


if  (initialized  ==  MSHN_FALSE)  { 
result  =  MSHN_NOT_INITIALIZED; 

} 

else 

{ 

//  Get  the  algorithm  parameters 

alg_result  =  f ind_alg_params (the_alg,  the_alg_params) ; 
hash_result  =  f ind_alg_params (hash_alg,  hash_params) ; 

if  (alg_result  ==  MSHN_OK  &&  hash_result  ==  MSHN_OK)  { 

switch  (the_alg_params.mshn_id)  { 


case  MSHN_ALG_DSA;  {  //  DSA  Algorithm 
//  create  signature  context 


//  this  is  the  return  value 
pSig->Data  =  NULL; 
pSig->Length  =  0; 


//  Set  up  the  crypto  data 

cspData, Callback  =  NULL; 


//  The  "cspData”  is  the  password  for  the  signer's 
//  private  key 
#ifdef  DEBUG_MSHN_SIGN 

cout  <<  "  password  length  "  <<  strlen (password) 

<  <  endl ; 


#endif 


if  (strlen (password) ) 
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{ 

paramData . Length  =  strlen (password) ; 
paramData . Data  = 

(uint8*)mshn_malloc (paramData. Length, NULL) ; 
memcpy (paramData . Data , 

password,  paramData . Length) ; 

}  else  { 

paramData . Length  =  0; 
paramData . Data  =  NULL; 

} 

cspData . Param  =  &paramData; 

#ifdef  DEBUG_MSHN__SIGN 

cout  <<  "sig  context  password  length:  ” 

<<  paramData . Length  <<  endl; 


#endif 


hSigContext  =  CSSM_CSP_CreateSignatureContext ( 
CSP_handle, 
hashj>arams .  alg_id, 

&cspData, 

(CSSM_KEy_PTR)  pKey) ; 

if  (hSigContext  ==  0) 

{ 

cout  <<  "Error  creating  sig  context"  <<  endl; 
show_error ( "CSSM_CSP_CreateSignatureContext " ) ; 
result  =  get_error(); 

} 

//  Now  cleanup  allocated  data 
mshn_f ree (paramData , Data ,  NULL) ; 

if  (result  ==  MSHN_OK)  { 

cssmstatus  =  CSSM_SignData (hSigContext , 

(CSSM_DATA_PTR)  buffer, 
num_buffers, 
pSig) ; 


#ifdef  DEBUG_MSHN__SIGN 

cout  <<  "Signature  size;  "  <<  pSig->Length  <<  endl; 

#endif 

if  (cssmstatus  1=  CSSM_OK)  { 

show_error ( " Signature  failed" ) ; 
result  =  get_error ( ) ; 
mshn_free (pSig->Data,  NULL) ; 

}else{ 

signature- >the_dat a  =  pSig“>Data; 
signature ->the_length  =  pSig->Length; 

} 

CSSM_DeleteContext (hSigContext) ; 
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} 

break ; 

} 

case  MSHN_ALG_DES :  {  //  DES  Algorithm 

mshn_data  sig_digest; 
result  =  mshn_sl_msg_digest ( 
hash_alg, 
buffer, 
num_buffers, 

&sig_digest) ; 

if  (result  ==  MSHN_OK)  { 

#ifdef  DEBUG_MSHN_SIGN 

show_pointer  (  (uint8  *)  sig_digest .  the_data, 

sig_digest .  the_length, 

"Msg  Digest") ; 

#endif 

result  =  mshn_sl_encrypt  (the_key, 

the_alg, 

&sig_digest, 

1,  // 

encSigBuff , 

SnutnEncBuf  f  s , 

&bytesEnc) ; 

} 

//  Now  cleanup  allocated  data 
mshn_f ree (sig_digest . the_data ,  NULL) ; 

if  (result  ==  MSHN_OK)  { 

#ifdef  DEBUG_MSHN_SIGN 

show_pointer  (  (uintS  *)  encSigBuff  [0]  ->the_data, 

encSigBuff  [0]  “>the_length, 
"Encrypted  msg  Digest"); 

#endif 

signature- >the__data  =  encSigBuff[0]->the_data; 
signature *->the_length  =  encSigBuf  f  [0] ->the__length; 

} 

break ; 

} 

default:  //  Invalid  Signature  algorithm 

cout  <<  "Invalid  Signature  Algorithm"  <<  endl; 

} 

} 

} 

//  Now  clean  up  the  allocated  memory 
CSSM_KEy_PTR  tpKey  =  (CSSM__KEY_PTR)  pKey; 
mshn_f ree ( tpKey- >KeyData . Data ,  NULL) ; 
mshn_free  (tpKey,  NULL)  ; 
mshn__free  (pSig,  NULL)  ; 
mshn__free  (encSigBuff  [0]  ,  NULL)  ; 


num  input  buffers 
//  num  output  buffers 


110 


return  result; 

} 

//  This  function  will  verify  a  signature  on  the  specified  data. 

//  First  the  data  will  undergo  a  message  digest  operation. 

//  The  result  of  the  message  digest  will  be  compared  to  the  decryption 
//of  the  specified  signature. 

//  Input:  Signature  algorithm  code,  hash  algorithm  code,  pointers  to  the 
//  key,  input  data  buffers,  and  signature,  along  with  a  count  of  the 
//  number  of  buffers  provided. 

//  Output:  error  code,  verification  result. 

//  Process:  This  method  accepts  a  signature  and  data  buffer.  It 
//  returns  a  Boolean  value  depending  on  the  verification  of  the 
//  signature  against  the  input  data.  If  a  symmetric  signature  algorithm 
//  was  used,  the  method  will  decrypt  the  signature  using  the  supplied 
//  key.  Then  the  method  will  generate  a  digest  of  the  input  data  and 
//  compare  the  new  digest  to  the  decrypted  signature.  If  they  match, 

//  the  method  returns  true.  If  an  asymmetric  algorithm  was  specified, 

//  then  the  signature  is  similarly  verified  using  the  supplied  public 
//  key.  An  error  code  is  returned  if  the  operation  was  xmsuccessful . 

int  mshn_sl :  :mshn_sl_sig_verify  ( 

int  the_alg, 

int  hash_alg, 

const  mshn_data  *the_key, 
const  mshn_data  buffer [], 
int  num_buf  f  er s , 

const  mshn_data  *signature, 
int  *sig_valid) 

{ 

int  result  =  MSHN_OK; 
int  alg__result  =  MSHN_OK; 
int  hash_result  =  MSHN_OK; 

*sig_valid  =  MSHN_FALSE; 

struct  alg_j)arams  the_alg_params ,  hashjparams; 
void  *pKey; 

mshn_data_to_key  {the_key,  &pKey)  ; 

CSSM_BOOL  cssmstatus; 

CSSM_CC_HANDLE  hVerif Context  ; 

mshn_data  *decSigBuf  f  [1]  ; 

decSigBuff  [0]  =  (mshn_data  *)  mshn_malloc  (sizeof  (mshn_data  *)  ,NULL)  ; 

int  bytesDec  ==  0; 

int  numDecBuffs  =  1; 

void  *decrypted_sig  =  NULL; 

mshn_data  *digest; 

digest  =  (mshn_data  *)mshn_malloc  {sizeof  (mshn__data)  ,  NULL); 
if  (initialized  ==  MSHN_FALSE)  { 
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result  =  MSHN_NOT_INITIALIZED; 

} 

else  { 

//  Get  the  algorithm  parameters 

alg_result  =  find_alg_j)arams  (the_alg,  the_alg_j)arams)  ; 
hash_result  =  f  ind_alg_params  (hash_alg,  hash__params)  ; 

} 


if  (alg_result  ==  MSHN_OK  &&  hash_result  ==  MSHN_OK)  { 

switch  {the_alg_params .mshn_id)  { 

case  MSHN_ALG_DSA:  {//  DSA  Algorithm 

fix_key_size( (CSSM_KEY_PTR)  pKey) ; 
hVerifContext  =  CSSM_CSP_CreateSignatureContext ( 

CSP_handle, 
hash_params . alg_id, 

NULL,  //  pass  phrase  not  needed 
(CSSM_KEY_PTR)  pKey) ; 

if  (hVerifContext  ==  0) 

{ 

cout  <<  "Error  creating  signature  verification 
context"  <<  endl; 

show_error  ( "CSSM_CSP_CreateSignatureContext" )  ; 
result  =  get_error ( ) ; 

} 

if  (result  -=  MSHN_OK)  { 

cssmstatus  =  CSSM^VerifyData (hVerifContext , 
(CSSM_DATA_PTR)  buffer, 
num_buf  f ers , 

(CSSM_DATA_PTR)  signature) ; 

if  (cssmstatus  1=  CSSM_TRUE)  { 

#ifdef  DEBUG__MSHN_SIGN 

cout  <<  "\nVerification  failed"  <<  endl; 

#endif 

*sig_valid  =  MSHN_FALSE; 

}else{ 

#ifdef  DEBXJG_MSHN_SIGN 

cout  <<  "\nSignature  matches  public  key"  <<  endl; 

#endif 

*sig_valid  =  MSHN_TRXJE ; 

} 

CSSM_DeleteContext  (hVerifContext)  ; 

} 

break ; 

} 

case  MSHN_ALG_DES :  {  //  DBS  Algorithm 
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#ifdef  DEBUG_MSHN_SIGN 

showjpointer  (  (uintS  * )  signature- >the__data, 

signature- >the_l eng th, 

"Verify  Encrypted  msg  Digest") ; 

#endif 


result  =  mshn_sl_decrypt  (the__key, 

the_alg/ 

signature^ 

1,  //  number  of  input  buffers 

decSigBuff , 

SnuitiDecBuffs,  //  num  output  buffers 
&bytesDec) ; 

if  (result  ==  MSHN_OK)  { 

#ifdef  DEBUG_MSHN_SIGN 

show_pointer { (uintS  *) decSigBuf f [0] ->the_data, 

decSigBuff [0] ->the_length, 
"Decrypted  msg  Digest") ; 

#endif 

result  =  mshn_sl_msg_digest ( 
hash_alg, 
buffer, 
num_buf f ers , 
digest) ; 


if  (result  ==  MSHN_0K)  { 

#ifdef  DEBUG__MSHN_SIGN 

show_j)ointer ( (uintS  * ) digest- >the_data, 

digest ->the_length, 

"Msg  Digest") ; 

#endif 

if  ( Imemcmp (digest- >the_data, 

decSigBuff [0] ->the_data, 
digest- >the_length) )  { 

#ifdef  DEBUG_MSHN_SIGN 

cout  <<  "Signature  Successfully  Verified"  <<  endl; 

#endif 

*sig_valid  =  MSHN_TRUE; 

}else{ 

#ifdef  DEBUG__MSHN_SIGN 

cout  <<  "Signature  Verification  Failed"  <<  endl; 

#endif 

*sig_valid  =  MSHN_FALSE; 

} 

} 

mshn_free (decSigBuff [0] ->the_data,  NULL) ; 
mshn_free (digest- >the_data,  NULL) ; 

break ; 
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} 


} 

default:  //  Invalid  Signature  algorithm 

cout  <<  "Invalid  Signature  Algorithm"  <<  endl; 

} 

//  Now  clean  up  the  allocated  memory 
CSSM__KEY_PTR  tpKey  =  (CSSM^KEY^PTR)  pKey; 
mshn_f  ree  { tpKey-  >KeyData .  Data ,  NULL)  ; 
mshn_free  (tpKey,  NULL)  ; 
mshn_free (decSigBuf f [0] ,  NULL) ; 
mshn_free (digest,  NULL) ; 
return  result; 

} 

//  This  function  will  return  a  character  string  description 
//  of  the  specified  error  code. 

//  The  caller  of  this  fvmction  is  responsible  for  deleting 
//  the  memory  returned  by  this  function, 
char  *mshn_sl : :mshn_sl_show_error  ( 

int  the_error) 

{ 

char  *result; 
switch  ( the_error )  { 

case  MSHN_OK:  { 

result  =  strdupC’No  error"); 
break ; 

} 

case  MSHN_NOT_INITIALIZED;  { 

result  =  strdupC'MSHN  SL  not  initialized"); 
break ; 

} 

case  MSHN_INITIALIZED:  { 

result  =  strdupC'MSHN  SL  already  initialized"); 
break ; 

} 

case  MSHN_ALG_NOT_FODND :  { 

result  =  strdup ( "Algorithm  not  found" ) ; 
break ; 

} 

case  MSHN_CERT_NOT_FODND :  { 

result  =  strdup ("Certificate  not  found"); 
break ; 

} 

case  MSHN_CERT_INVALID :  { 

result  =  strdup ( "Certificate  is  invalid"); 
break ; 

} 

case  MSHN_CERT_REVOKED :  { 

result  =  strdup ("Certificate  has  been  revoked"); 
break ; 
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} 

case  MSHN_INVALID_SIG:  { 

result  =  strdup ( "Signature  is  invalid"); 
break; 

} 

default :  { 

result  =  (char  *)mshn_Tnalloc  (80,  NULL); 

sprintf  (result,  "Unknown  error  (%d)”,  the__error)  ; 

break; 

} 

} 

return  result; 

} 

//  This  function  will  return  the  error  code  from  the  underlying 
//  security  services  provider, 
int  mshn_sl :  :  get_error  ( ) 

{ 

int  result  =  MSHN_UNKNOWN_ERROR; 

CSSM_ERROR_PTR  the_error  =  CSSM_GetError  ()  ; 
if  (the_error  !=  NULL)  { 

if  (the_error->error  ==  CSSM__0K)  { 
result  =  MSHN_OK; 

}else{ 

result  =  the_error->error; 

} 

} 

return  result; 

} 


//  Find  the  chosen  algorithm  structure 
int  mshn_sl:  :find_alg_params  ( 

int  the_id, 

struct  alg_params  &thej)arams) 


{ 


int  result; 

if  (initialized  ==  MSHN_FALSE)  { 
result  =  MSHN_NOT_INITIALIZED; 
}else{ 


result  =  MSHN_ALG_NOT__FOUND; 

for  (int  idx=0;  idx  <  MSHN_NUM_ALG_IDS ;  idx++)  { 
if  (alg_param_array  [idx]  .mshn__id  -=  the_id)  { 

thejparams  .mshn_id  =  alg_j)aram_array  [idx]  .mshn__id; 
the_params . alg_id  =  alg__param_array  [idx]  .alg_id; 
the_params .  alg__mode  =  alg__param_array[idx].alg_mode; 
the jparams .  alg_padding  =  alg_param_array  [idx]  .alg__padding; 
result  =  MSHN_0K; 
break ; 


} 
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} 

} 

return  result; 

} 

//  Copy  from  a  CSSM_KEY  structure  to  a  mshn_data  structure 
int  mshn_sl : :key_to_mslm_data  ( 
void  *key_ptr, 

mshn_data  *the_key) 

{ 

int  result  =  0; 

CSSM_KEy_PTR  temp_key  =  (CSSM_KEY_PTR)keyjptr; 
the__key->the_length  =  sizeof  (CSSM_KEYHEADER) 

+  temp_key- >KeyDa t a . Length ; 
the_key->the_data  =  (unsigned  char  *) 

mshn^malloc  (the_key->the_length,  NULL)  ; 
memcpy  ( the_key-  >  the_data , 

&  (teTnp_key->KeyHeader)  ,  sizeof  (CSSM^KEYHEADER)  )  ; 
memcpy  (the_key->the_data  +  sizeof  (CSSM_KEYHEADER)  , 
temp_key-  >KeyData .  Data , 
temp_key- >KeyData .  Length)  ; 
return  result; 

} 

//  Copy  from  a  mshn_data  structure  to  a  CSSM_KEY  structure 
int  mshn_sl :  :  mshn_data_to_key  { 

const  mshn_data  *the_key, 
void  **key_ptr) 

{ 

int  result  =  0; 

CSSM_KEY_PTR  temp_key  =  (CSSM_KEY_PTR)  mshn_malloc  { 

sizeof (CSSM_KEY) ,  NULL) ; 
temp_key- >KeyData .  Length  =  the_key-*>the_length 

sizeof (CSSM_KEYHEADER) ; 

temp_key->KeyData.Data  =  (uintS  *) mshn_malloc  ( 

temp_key“>KeyDat a. Length,  NULL) ; 

memcpy  ( &  ( temp_key-  >KeyHeader )  , 

the_key~>the_data,  sizeof  (CSSM_KEYHEADER)  )  ; 
memcpy  ( temp_key-  >KeyData .  Data ,  the_key-  > the_data 

+  sizeof  (CSSM_KEYHEADER)  ,  temp_key~ >KeyData . Length)  ; 

*key_ptr  =  temp_key; 
return  result; 

} 
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APPENDIX  B.  MSHN  DEMONSTRATION  SOURCE  CODE 


A.  CLIENT. CPP 

//***************************************************** 
//  File;  client. cpp 
//  Name:  Roger  Wright 
// 

//  Project:  MSHN 

// 

//  Operating  Environment:  Windows  95 /Windows  NT 
//  Compiler:  Borland  C++  for  Windows 
//  Date:  12  MAY  98 
// 

//  Description:  MSHN  demonstration  client  shell 
//***********+**********★****************************** 

#include  <iostream.h> 

#include  *<stdlib.h> 

#include  <stdio.h> 

#include  <conio.h> 
ttinclude  <f stream. h> 

#include  "mshn_sl.h" 

#include  ” mshn_mem . h " 

#include  ”mshn_com.h" 

#include  "mshn__err  .h” 

#include  ”mshn_types . h” 
tinclude  ”mshn_def s . h" 

#include  ” mshn_demo . h" 

#include  ” showutil . h” 
tinclude  ” commutil . h" 

const  int  BUFF_SIZE  =  1024; 

char  *err_out; 
mshn_sl  *msl_obj ; 
mshn_com  *mc_ob  j  ; 
mshn_data  sym_key; 

//  verify  data  that  was  received  from  the  scheduler 
int  do_verify  {mshn_data  resource__id, 
mshn_data  job^info, 
mshn_data  token_data, 
mshn_data  job_sess_key, 
mshn__data  core_cert, 
mshn__data  sched_sig, 
int  &sig__valid) 

{ 
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int  result  =  MSHN_OK; 

//  Now  prepare  the  inputs  for  verification 
const  int  num_signed_params  =  5; 
const  int  num^params  =  6; 
mshn_data  work_array[numjparams]  ; 

work_array [0]  .the_length  =  resource_id. the_length; 
work_array  [0]  .the_data  =  resource_id. the__data; 
work_array  [1]  .the_length  =  job_info.the_length; 
work__array [1]  .the_data  =  job_info. the_data; 
work__array [2]  .the__length  =  token_data. the_length; 
work_array [2]  .the_data  =  token_data. the_data; 
work_array [3]  .the_length  =  job_sess_key, the_length; 
work_array [3]  .the_data  =  job_sess_key. the_data; 
work_array[4]  .the_length  =  core_cert. the_length; 
work_array  [4]  .the_data  =  core_cert.the_data; 
work_array [5]  .the__length  =  sched_sig. the_length; 
work_array [5]  .the_data  =  sched_sig. the_data; 

mshn_data  piiblic^key; 

result  =  msl__ob j  -  >mshn_sl_get_public_key  ( &core_cert ,  &public_key) 

if  (result  1=  MSHN_OK)  { 

err_out  =  ms l_ob j  ”>mshn_sl_show__error  (result)  ; 
cout  <<  "mshn__sl_get_public_key  "  <<  err__out  <<  endl; 
mshn__free  (err_out,  NULL)  ; 

} 

else  { 

result  =  msl_obj->mshn_sl_sig_verify  (MSHN_ALG_DSA, 

MSHN_ALG__SHA, 

&public_key, 
work_array, 
num__signed_params , 

&:Work_array  [5]  ,  //  the  sig 

&sig_valid) ; 

if  (result  !=  MSHN_OK)  { 

err_out  =  ms l_ob j ->mshn_s l_show_err or  (result)  ; 
cout  <<  "mshn__sl_sig_verify  ”  <<  err_out  <<  endl; 
mshn_f  ree  (err_out ,  NULL)  ; 

} 

if  { I sig_valid)  { 

result  =  MSHN_INVAL1D_SIG; 

} 

} 

return  result; 

} 
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//  verify  data  that  came  from  the  compute  resource 
int  do_verify_resource  (mshn_data  results, 

mshn_data  app_signature, 
mshn_da t a  j  ob_s es s_key , 
int  &sig_valid) 

{ 

int  result  =  MSHN_OK; 

//  Now  prepare  the  inputs  for  verification 

const  int  num_signed_pararas  =  1; 

const  int  numjparams  =  2; 

mshn_data  work_array  [num_params]  ; 

work_array  [0]  .the_length  =  results  .the_length; 

work_array  [0]  .the_data  =  results  .the__data; 

work_array [1]  .the_length  =  app_signature. the_length; 

work_array  [1]  .  the_data  =  app_signature .  the_data ; 

result  =  msl__obj->mshn_sl__sig_verify(MSHN_ALG_DES, 

MSHN_ALG_MD5 , 

& j ob_sess_key , 
work_array, 
num_s igned  jparams , 
&:Work_array  [1]  ,  //  the  sig 

&sig_valid)  ; 

if  (result  1=  MSHN_OK)  { 

err_out  =  ms l_obj ->mshn_sl_show_error  (result)  ; 
cout  <<  "mshn__sl__sig_verify  "  <<  err_out  <<  endl; 
mshn_f  ree  (err__out,  NULL)  ; 

} 

if  (!sig_valid)  ( 

result  =  iyiSHN_INVALID_SIG; 

} 

return  result; 

} 

//  sign  data  that  will  be  transmitted  to  the  scheduler 
int  do_signature ( 

const  mshn__data  *user_id, 

const  mshn_data  *cert, 

const  mshn__data  *sched_info, 

const  char  *passphrase, 

mshn_data  *the_sig) 

{ 

int  result  =  MSHN__OK; 

//  Clear  the  output 
the_sig->the_length  =  0; 
the_sig“>the_data  =  NULL; 
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//  Now  prepare  the  inputs  for  signing 
const  int  nuTn_sign  =  3; 
mshn_data  work_array[num_sign]  ; 

work_array  [0]  .the__length  =  user__id->the_length; 
work_array  [0]  .the__data  =  user_id~>the_data; 
work_array  [1]  .the_length  =  cert->the__length; 
work_array  [1]  .the_data  =  cert->the_data; 
work_array  [2]  ,the__length  =  sched_info->the_length; 
work_array  [2]  .the_data  =  sched_info->the_data; 

mshn^data  public_key; 
mshn__data  private_key; 

result  =  msl__obj->Tnshn_sl_get__public_key (cert,  &public_key)  ; 

if  (result  !=  MSHN^OK)  { 

err_out  =  msl_obj ->mshn_sl_show_error  (result)  ; 
cout  <<  "mshn_sl_get_public_key  "  <<  err_out  <<  endl; 
mshn_free (err^out,  NULL) ; 

}  . 

else{ 

result  =  msl_ob  j  -  >mshn_sl_get__private_key  ( 

&public_key,  &private_key)  ; 

if  (result  1=  MSHN__OK)  { 

err_out  =  ms l_obj ->mshn_sl_show_error  (result)  ; 

cout  <<  "mshn__sl_get_private_key  "  <<  err__out  <<  endl; 

mshn_f  ree  (err__out ,  NULL)  ; 

} 

} 

if  (result  ==  MSHN_0K)  { 

result  =  msl_obj->mshn_sl_sign(MSHN_ALG_DSA, 

MSHN_ALG_SHA, 

&private_key, 
passphrase , 
work_array, 
num_sign, 
the_sig) ; 

if  (result  1=  MSHN_0K)  { 

err_out  =  msl_obj ->mshn_sl_show_error  (result)  ; 
cout  <<  ”mshn_sl__sign  ”  <<  err_out  <<  endl; 
mshn_f  ree  (err_out ,  NULL)  ; 

} 

} 

return  result; 

} 
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//  sign  data  going  to  the  compute 
int  do_signature_resource ( 

const  mshn_data 
const  mshn_data 
const  mshn__data 
const  char 
mshn_data 

{ 

int  result  =  MSHN^OK; 

//  Clear  the  output 
the_sig->the_length  =  0; 
the_sig->the_data  =  NULL; 

//  Now  prepare  the  inputs  for  signing 
const  int  num_sign  =  3; 
mshn_data  work__array  [num_sign]  ; 

work_array  [0]  .the_length  =  job_info->the_length; 
work_array  [0]  .the__data  =  job__infO“>the_data; 
work_array  [1]  .the__length  =  token_data-’>the_length; 
work_array  [1]  .the_data  =  token_data-’>the_data; 
work_array  [2]  .the_length  =  user_cert->the__length; 
work__array  [2]  .the_data  =  user_cert->the_data; 

mshn_data  public_key; 
mshn_data  private_key; 

result  =  msl_obj->mshn_sl__get_public__key  (user_cert,  &public_key)  ; 

if  (result  !=  MSHN_OK)  { 

err_out  =  msl_obj->mshn_sl_show__error  (result)  ; 
cout  <<  "mshn_sl_get j)ublic_key  "  <<  err_out  <<  endl; 
mshn_free  (err_out,  NULL)  ; 

} 

else{ 

result  =  msl_obj->mshn_sl_get_private_key  ( 

&public_key,  &private_key)  ; 

if  (result  1=  MSHN_OK)  { 

err_out  =  msl__obj ->mshn_sl_show_error  (result)  ; 

cout  <<  ”mshn_sl_get_private_key  ”  <<  err^out  <<  endl; 

mshn_f  ree  (err__out,  NULL)  ; 

} 

} 

if  (result  ==  MSHN_0K)  { 

result  =  msl_obj ->mshn_sl_sign  (MSHN_ALG_DSA, 

MSHN_ALG_SHA, 

&pri  vat  e__key , 
passphrase, 
work_array, 
num_sign, 
the_sig) ; 


resource 

* job_info, 
*token_data, 
*user_cert , 
*passphrase, 
*the_sig) 
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if  (result  !=  MSHN_OK)  { 

err_out  =  rasl_obj ->mshn_sl_show__error  (result) 
cout  <<  '*Tnshn_sl_sign  "  <<  err_out  <<  endl; 
mshn_free (err_out,  NULL) ; 

} 

} 

return  result; 

} 

//  decrypt  data  that  came 
int  do_decrypt  (  mshn_data 
mshn_data 
mshn__data 
mshn_data 
mshn_data 
mshn  data 


from  the  scheduler 
*resource__id, 

* job_info, 
*token_data, 

*  j  ob_s  e  s  s_key , 

*core_cert, 

*sched_sig) 


{ 

int  result  =  MSHN  OK; 


//  Now  prepare  the  inputs  for  decryption 
const  int  num_signed_jparams  =  5; 
const  int  num_params  =  6; 
mshn_data  work_array  [num_params]  ; 


work_array  [0]  .the_length  = 
work_array  [0]  .the__data  = 
work_array  [1]  .the__length  = 
work_array [1] .the_data 
work_array [2] .the_length  = 
work_array [2] .the_data  = 

work__array  [3]  .the_length  = 
work__array  [3]  .the_data 
work_array  [4]  .the__length  = 
work_array  [4]  .the_data  = 

work_array  [5]  .the_length  = 
work_array [5] .the_data  = 


resource_id-  >the_length; 
resource_id- >the_data ; 
j  ob_inf  o~  >the_length; 
j  ob_inf  o~  >the_data  ; 
token_data-  >the_length; 
token_data-  >the_data  ; 
j  ob_sess_key“  >the_length 
j  ob_sess_key-  >  the_data  ; 
core_cert - > the_length ; 
core_cert  ~  > the_data ; 
s  ched_s  ig  -  >  t  he_l  engt  h  ; 
sched__sig--  >the_data  ; 


mshn_data  *dec_array  [num_params]  ; 
for  (int  i  =  0;  i  <  num_j>arams;  i++)  { 
dec_array[i]  =  (mshn_data  *) 

mshn_malloc (sizeof (mshn_data  *) , 

} 


int  numDecBuff,  bytesDec; 
numDecBuff  =  numjparams; 


result  =  msl_obj ->mshn___sl__decrypt  (&sym__key, 

MSHN_ALG_DES, 

work_array. 


NULL) 
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num^params , 
dec_array, 
&nuniDecBuf  f , 
&bytesDec) ; 


if  (result  !=  MSHN_OK)  { 

err_out  =  ms l_ob j ->mshn_s l___show_err or  (result)  ; 
cout  <<  "mshn_sl_decrypt  "  <<  err__out  <<  endl; 
mshn_f ree (err_out ,  NULL) ; 

} 

else  { 

//  replace  input  with  decrypted  copy 


resour  ce_id-  >the_length 
resource_id- >the_data 
j  ob_inf  o-  >the_length 
j  ob_inf  o-  >the_data 
token__data-  >the_length 
token_data-  >the__data 
j  ob_sess_key-  >the_length 
j  ob_sess_key-  >the_data 
core_cert - > the_length 
core_cert- >the_data 
sched_sig- >the_length 
sched_sig- >the_data 

} 

return  result; 

} 


dec_array [ 0 ] - > the_length 
dec_array [ 0 ] - > the_data ; 
dec__array  [1]  -  >the_length 
dec_array  [1]  ->the_data; 
dec_array[2]  ->the_length 
dec_array [2] ->the_data; 
dec_array  [3]  ->the_length 
dec_array  [3 ]  -  >the_data ; 
dec_array  [4]  ->the_length 
dec_array  [4]  ->the__data; 
dec_array  [5]  ~>the__length 
dec_array  [5]  ->the_data; 


//  decrypt  data  that  came  from  the  compute  resource 
int  do_decrypt_resource  (  mshn_data  *results, 

mshn_data  *app_signature, 
mshn_data  job__sess_key) 


{ 

int  result  =  MSHN_OK; 

//  Now  prepare  the  inputs  for  decryption 

const  int  num_params  =  2; 

mshn_data  work_array  [numj)arams]  ; 

work_array  [0]  .the_length  =  results ->the_length; 

work_array  [0]  .the__data  =  results ->the_data; 

work_array  [1]  .the_length  =  app_signature->the_length; 

work_array  [1]  .the_data  =  app_signature->the_data; 

mshn_data  *dec_array  [num_params]  ; 
for  (int  i  =  0;  i  <  num^params;  i++)  { 
dec_array[i]  =  (mshn_data  *) 

mshn__malloc  (sizeof  (mshn_data  *)  ,  NULL) 
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} 

int  numDecBuff,  bytesDec; 
numDecBuff  =  numjarams  ; 

result  =  msl_obj->tnshn__sl_decrypt  {&job_sess_key, 

MSHN__ALG_DES, 
work^array, 
num_params , 
dec_array, 

&nuinDecBuf  f , 
abytesDec)  ; 

if  (result  !=  MSHN_OK)  { 

err_out  =  msl_obj ->mshn_sl_show_error (result) ; 

.  cout  «  "mshn_sl_decrypt  "  «  err_out  «  endl; 
mshn_free (err_out,  NULL) ; 

} 

else  { 

//  replace  input  with  decrypted  copy 

results ->the_length  =  dec_array [0] ->the_length; 

results ->the_data  =dec_array[0]->the_data; 

app_signature->the_length  =  dec_array[l]->the_length; 

app_signature->the_data  =  dec_array [1] ->the_data; 

} 

return  result; 

} 

//  encrypt  data  that  will  be  transmitted  to  the  scheduler 

int  do_encrypt ( 

mshn_data  *user_id, 
mshn_data  *cert, 
mshn_data  *sched_info, 
mshn_data  * signature) 

{ 

int  result  =  MSHN_OK; 

//  Now  prepare  the  inputs  for  encryption 
const  int  num_jparams  =  4; 
mshn_data  work_array [num_params] ; 
work_array [0] .the_length  =  user_id->the_length; 
work_array [0] .the_data  =  user_id->the_data; 
work_array [1] .the_length  =  cert->the_length; 
work_array [1] . the_data  =  cert->the_data; 

work_array [2] .the_length  =  sched_info->the_length; 
work_array [2] .the_data  =  sched_info->the_data; 
work_array [3] .the_length  =  signature->the_length; 
work_array [3] .the_data  =  signature->the_data; 
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mshn_data  *enc_array  [num^params]  ; 

for  (int  i  =  0;  i  <  numjparams ;  i++)  { 

enc_array[i]  =  (mshn_data  *) 

mshn_malloc (sizeof (mshn_data  *) ,  NULL) ; 

} 

int  numEncBuff,  bytesEnc; 

numEncBuff  =  numjparams; 

result  =  msl_obj->mshnjSljencrypt  (asym^key, 

MSHNjALG__DES, 
work_array, 
num_params , 
enc_array, 

&:numEncBuff , 

&bytesEnc) ; 

if  (result  !=  MSHN_0K)  { 

err_out  =  ms l^ob j ->mshn_sl_shoWjerror  (result)  ; 
cout  <<  ”mshn_sl__encrypt  "  <<  err^out  <<  endl; 
mshn^free  (err^out,  NULL); 

} 

else  { 

//  replace  input  with  encrypted  copy 
user_id->the_length  =  enc_array [0] ->the_length; 

user_id- >the_data  =  enc_array[0]->the_data; 

cert->the_length  =  enc_array [1] ->the_length; 

cert->the_data  =  enc_array [1] ->the_data; 

sched_info->the_length  =  enc_array  [2] ->the_length; 

sched_info->the_data  =  enc_array[2]->the_data; 

signature ->the_length  =  enc_array[3]->the_length; 

signature- >the_data  =  enc_array  [3] ->the_data; 

} 

return  result; 

} 

//  encrypt  data  going  to  the  compute  resource 
int  do jencrypt_resource ( 

mshn__data  *  j  ob_inf  o , 
mshn jdata  *  t oken ^data , 

mshn^data  *userjCert, 
mshn jdata  *  s ignature ) 


int  result  =  MSHN^OK; 

//  Now  prepare  the  inputs  for  encryption 
const  int  numjparams  =  4; 
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mshn_data  work_array  [num_j3arams]  ; 

work_array [0] . the_length  =  job_info->the_length; 
work_array [0] . the_data  =  job_info->the_data; 
work_array [1] .the_length  =  token_data->the_length; 
work_array [1] .the_data  =  token_data- >the_data ; 
work_array [2] .the_length  =  user_cert->the_length; 
work_array [2] .the_data  =  user_cert->the_data; 
work_array [3] .the_length  =  signature ->the_length; 
work_array [3] .the_data  =  signature- >the_data; 

mshn_data  *enc_array [num_params]  ; 
for  (int  i  =  0;  i  <  num_j)arams;  i++)  { 

enc_array[i]  =  (mshn_data  *) 

mshn_malloc (sizeof (mshn_data  *) ,  NULL) ; 

} 

int  numEncBuf f ,  bytesEnc ; 
numEncBuff  =  numjparams ; 

result  =  msl__obj ->inshn_sl_encrypt  {&sym_key, 

MSHN_ALG_DES , 
work__array, 
num_params , 
enc_array, 

SnumEncBuff , 

ScbytesEnc)  ; 

if  (result  !=  MSHN_OK)  { 

err_out  =  msl_obj ->mshn_sl_show_error (result) ; 
cout  <<  "inshn_sl_encrypt  "  «  err_out  <<  endl; 
inshn_free  (err_out,  NULL)  ; 

} 

else  { 

//  replace  input  with  encrypted  copy 
job_info->the_length  =  enc_array[0]->the_length; 

job_info->the_data  =  enc_array[0]->the_data; 

token_data->the_length  =  enc_array [1] ->the_length; 

token_data->the_data  =  enc_array [1] ->the_data; 

user_cert- >the_length  =  enc_array [2] ->the_length; 

user_cert->the_data  =  enc_array [2] ->the_data; 

signature- >the_length  =  enc_array[3]->the_length; 

signature ->the_data  =  enc_array [3] ->the_data; 

} 

return  result; 

} 
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//  receive  bundle  from  the  scheduler, 

II  i-t  necessary,  decrypt  and  verify  bundle 
int  do_recv_sched (const  comm_security  comm^sec, 
rashn_data  &resource_id, 
rashn_data  &job__info, 
mshn_data  &token_data, 
mshn_data  &job_sess_key, 
mshn__data  &core_cert, 
mshn_data  &sched_sig) 

{ 


int  result  =  0; 
int  bytes_recv; 


result  =  recv_6_data  (mc_obj  , 

&resource_id, 

"Resource  ID  " , 

&j ob_info, 

"Job  Info  ", 

&token_data, 

"Security  Token  ", 

&j ob_sess_key, 

"Job  Session  Key  ", 

&core_cert , 

"MSHN  Core  Certificate", 
&sched_sig, 

"Scheduler  Signature  ", 
bytes_recv)  ; 


if  (result  ==  MSHN_COM_OK)  { 

if  ( (comm_sec  ==  COMSEC__CON)  |  ]  (comm_sec  ==  COMSEC_BOTH)  )  { 

//We  must  do  decryption 

do_decrypt  (&resource__id, 

& j  ob_inf o , 

&token_data , 

&  j  ob_s  e  s  s__key , 

&core_cert, 

&sched_sig) ; 

} 

if  ((comm^sec  ==  COMSEC_INT)  ||  (comm_sec  ==  COMSEC_BOTH)  )  { 

//We  must  verify  signature 

int  sig_valid  =  0; 
do_verify (resource_id, 
j  ob_inf o , 
token_data, 
j  ob__sess_key , 
core  cert. 
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sched_sig, 
sig_valid) ; 

if  (lsig_valid)  { 

cout  <<  "Signature  failure.  Application  terminated." 
<<  endl; 

result  ==  MSHN_INVALID_SIG; 

} 

} 

} 


return  result; 

} 

//  receive  results  from  compute  resource, 

//  if  necessary,  decrypt  and  verify  results 
int  do_recv_job( const  comm_security  comm_sec, 
mshn_data  &results, 
mshn_data  &app_s ignature , 
mshn_data  j ob_sess_key ) 


{ 

int  result  =0; 
int  bytes_recv; 

result  =  recy_2__data  (mc_ob j  , 

&results, 

"Results  " , 

&app__s  ignature , 

"Application  Signature", 
bytes_recv)  ; 

if  (result  ==  MSHN_COM_OK)  { 

if  ( (comm_sec  ==  COMSEC_CON)  | |  (comm_sec  ==  COMSEC_BOTH) )  { 

//We  must  do  decryption 

do_decrypt_resource ( ^results , 

&app_s ignature , 
job_sess_key) ; 

} 

if  ( (comm_sec  ==  COMSEC_INT)  | |  (comm_sec  ==  COMSEC_BOTH) )  { 

//  We  must  verify  signature 

int  sig__valid  =  0; 
do_verif y_resource (results , 

app_s  ignature , 
job_sess__key, 
sig_valid) ; 
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} 


if  (!sig_valid)  { 

cout  <<  "Signature  failure.  Application  results  are 
NOT  valid.”  <<  endl; 

} 


cout  <<  endl  <<  "**********  APPLICATION  RESULTS  **********11 
<  <  endl ; 

cout  <<  results . the_data  <<  endl; 


} 

return  result; 


//  send  job  to  confute  resource  and  wait  for  results 
//  sign  and  encrypt  job  bundle  if  required 
int  do_send_job (const  comm^security  comm_sec, 

mshn_data  resource_id, 
mshn_data  job_info, 
mshn^data  token^data^ 
mshn_data  user_cert, 
const  char  *passphrase) 

{ 

int  result  =  0; 

cout  <<  "Sending  job  to  compute  resource..."  <<  endl; 

//  Set  up  connection  to  the  Compute  Resource 

result  =  mc_ob j - >mc_connect ( resour ce_id . the_data , 

PORT_CLIENT_RESOURCE) ; 

if  (result  ==  MSHN_COM_OK)  { 
int  bytes_sent; 

cout  <<  "Connection  made"  <<  endl; 
mc_ob j  -  >mc_display  ( cout )  ; 

//  sign  data  before  sending 
mshn_data  signature; 
signature. the_dat a  =  NULL; 
signature.  the_l  eng  th  =  0; 

if  (  (comm_sec  ==  COMSEC_INT)  ||  (comm_sec  ==  COMSEC_BOTH) )  { 
//We  must  do  signature 

do_signature_resource  ( &  j  ob_inf  o , 

&token_data, 

&user_cert, 

passphrase, 

^signature) ; 

} 

if  ( (comm_sec  ==  COMSEC_CON)  ||  (conim_sec  ==  C0MSEC_B0TH) )  { 
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//We  must  do  encryption 

do__encrypt_resource  (&job_info, 

&token_data, 

&user_cert , 

&signature) ; 

} 

//  send  job  input  to  the  compute  resource 
result  =  send_int_4_data  (mc_obj  , 

commas ec , 

"Commvinications  Security  Option”, 
&job_info, 

"Job  Info  " , 

&token_data, 

"Security  Token  ", 

&user_cert , 

"User  Certificate  " , 

&signature, 

"Client  Signature  ", 

bytes_sent)  ; 

if  (result  ==  MSHN_COM_OK)  { 
result  =  MSHN_OK; 

cout  <<  "Sent  ("  <<  bytes_sent  <<  ")  bytes."  <<  eiidl; 
}else{ 

cout  <<  "send_int_4_data:  " 

<  <  mc_ob j  -  >mc_get_error  ( result ) 

<<  endl; 

} 

}else{ 

cout  <<  "mc_connect:  "  <<  mc_obj ->mc__get_error  (result)  <<  endl 


return  result; 

} 

//  prompt  user  for  application  to  run 
int  do_choose_app  (mshn_data  &sched_inf  o) 

{ 

int  result  =  0; 

sched_info. the_data  =  (unsigned  char  *) 

mshn_malloc  (BUFF_SIZE  *  16,  NULL); 

char  choice [80]; 
do  { 


cout  <<  endl; 
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<<  endl; 


cout  <<  "Choose  an  application  to  run:" 
cout  <<  endl; 

cout  <<  "  1)  Application  1"  <<  endl; 

cout  <<  "  2)  Application  2"  <<  endl; 

cout  <<  "  3)  Application  3"  <<  endl; 

cout  <<  "  4)  Application  4"  <<  endl; 

cout  <<  "  5)  Application  5"  <<  endl; 

cin.getline (choice,  80)  ; 

} 

while  (atoi (choice)  <  1  ||  atoi (choice)  >  5); 
switch  (atoi (choice) )  { 
case  1 : 

strcpy  ( sched_inf o .  the_data ,  "Application! " )  ; 
sched_info. the_length  =  strlen ( "Application!" ) ; 
break ; 

case  2 : 

strcpy  (sched_info .  the_data,  "Application2  " )  ; 
sched_info. the_length  =  strlen ("Application2")  ; 
break ; 

case  3: 

strcpy (sched_info . the_data,  "Application3 " ) ; 
sched_info. the_length  =  strlen ( "Application3 ") ; 
break ; 

case  4: 

strcpy  ( sched_inf o .  the^data ,  " Applicat ion4  " )  ; 
sched_info. the_length  =  strlen ( "Application4 " )  ; 
break ; 

case  5: 

strcpy  (sched_info . the_data,  "Applications*’ )  ; 
sched_info.  the_length  =  strlen  ("Applications")  ; 
break; 

default : 
break ; 

//no  default  case 

} 

cout  <<  "You  chose  application:  "  <<  sched_inf o . the_data  <<  endl 
return  result; 

} 
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//  send  job  request  to  the  scheduler, 

! /  xt  necessary,  sign  and  encrypt  the  bundle 
int  do_send_request  (const  comm_security  comm_sec, 

mshn_data  user_id, 
inshn_data  cert, 
mshn_data  sched_info, 
const  char  *passphrase) 


{ 


int  result  =  MSHN  OK; 


//  Set  up  connection  to  the  Scheduler 

result  =  mc_obj ->mc_connect  (IP_SCHEDULER,  PORT_CLIENT_SCHEDULER) 
if  (result  ==  MSHN_COM_OK)  { 
int  bytes_sent; 

cout  <<  "Connection  made"  <<  endl; 
mc_ob j  -  >mc_display  ( cout )  ; 

//  sign  data  before  sending 
ms]:m_data  signature; 
signature. the_dat a  =  NULL; 
signature. the_length  =  0; 

if  ((comm_sec  ==  COMSEC_INT)  ||  (comm_sec  ==  COMSEC_BOTH) )  { 

//We  must  do  signature 
do_signature  (&user__id, 

&cert , 

&sched_info, 

passphrase, 

^signature) ; 

} 

if  ( (coram_sec  ==  COMSEC_CON)  | |  (coinm_sec  ==  COMSEC_BOTH) )  { 

//We  must  do  encryption 
do__encrypt  (&user_id, 

&cert, 

&iSched_info, 

^signature) ; 

} 

//  send  job  input  to  the  scheduler 
result  =  send_int_4_data  (mc_ob j  , 

commas ec, 

"Communications  Security  Option", 
&user_id, 

"User  ID  " , 

&cert, 

"User  Certificate  " , 

&sched_info, 

"Schedule  Info  ", 

^signature. 
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client  Signature 
bytes_sent)  ; 


if  (result  ==  MSHN_COM_OK)  { 
result  =  MSHN__OK; 

cout  <<  "Sent  ("  <<  bytes_sent  <<  ")  bytes."  <<  endl;. 

}else{ 

cout  <<  "send_int_4_data:  " 

< <  mc_ob j  -  >mc__get_error  ( result ) 

«  endl; 

} 

}else{ 

cout  <<  "mc_connect :  "  <<  mc_obj->mc_get_error (result)  <<  endl; 

} 


return  result; 

} 

int  main{int,  char  *  []  )  { 

coram_security  com_sec_option; 
cert_checking  cert_valid_level; 
char  *passphrase; 

mshn_data  user_cert; 
mshn_data  user__id; 
mshn_data  sched_info; 

mshn_data  resour ce_id; 
mshn_data  job_info; 
mshn_data  token_data; 
mshn_da t a  j  ob_s e  s  s_key  ; 
mshn_data  core__cert; 
mshn_data  sched_sig; 

mshn_data  results; 
mshn_data  app_signature ; 

mc_obj  =  new  mshn_com  { )  ; 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "Hello  World"  <<  endl; 
mc_obj->mc_display (cout)  ; 
#endif 

char  *err_out; 
char  duTnTny_in[80]  ; 
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msl_obj  =  new  mshn_sl()  ; 

int  result  =  msl_obj ->mshn_sl_init  ( "dummy  file")  ; 
if  (result  !=  MSHN_OK)  { 

err_out  =  msl_obj ->mshn_sl_show_error (result) ; 
cout  <<  "mshn_sl_init  "  «  err_out  <<  endl; 
mshn_free  (err_out,  NULL) 

}else{ 

//  get  the  shared  symmetric  key 
read_data (&sym_key,  key_fname,  BUFF_SIZE) ; 

clrscr  0 ; 

cout  <<  endl  <<  "*******************  MSHN  CLIENT  SHELL 
cout  <<  ’'*******************”  <<  endl; 

cout  <<  endl; 

cout  <<  "This  program  will  allow  you  to  submit  a  job  to  MSHN." 
<<  endl; 

cout  <<  "You  must  identify  yourself,  (certificate  name  and 
passphrase) "  <<  endl; 

cout  <<  "and  select  the  application  you  wish  MSHN  to  execute." 

<<  endl; 
cout  <<  endl; 

cout  <<  "Press  enter  to  continue."  <<  endl; 
cin.getline (dummy_in,  80) ; 

do_register  (msl_obj , 
user_id, 
user_cert , 

&passphrase, 
com_s e c_op t ion , 
cert_valid_level) ; 

char  quit [80] ; 

do  { 

cout  <<  endl; 

cout  <<  "Choose  an  application  to  submit  to  MSHN."  <<  endl; 
cout  <<  "Submit  job,  wait  for  results,  display  results." 

<  <  endl ; 
cout  <<  endl; 

cout  <<  "Continue?  Enter  y/n.  "; 
cin.getline (quit,  80); 

if  (quit[0]  ==  *y'  1|  quit [0]  ==  *Y')  { 

do_choose_app  (sched_info)  ; 

//  send  job  request  to  the  scheduler 
do_send_request  (com__sec_option, 
user_id, 
user_cert, 
sched_info. 


passphrase) ; 


//  receive  response  from  scheduler 
do_recv__sched  ( com_sec_opt  ion , 
resource__id, 
job_info, 
token_data , 
job_sess_key, 
core_cert , 
sched_sig)  ; 

//  make  sure  the  connection  to  scheduler  is  closed 
mc_ob j  -  >mc_close  ( )  ; 

//  send  job  to  compute  resource  and  wait  for  result 
do__s  end_  j  ob  ( com_s  e  c_op  t  i  on , 
resource_id, 
job_info, 
token_data, 
user_cert , 
passphrase) ; 

do_recv_  j  ob  ( com_sec_opt  ion , 
results, 
app_s igna ture , 
j  ob_s  e  s  s_key )  ; 

//  make  sure  the  connection  to  compute  resource  is  closed 
mc_ob j - >mc_close ( ) ; 

} 

}  while  {!(quit[0]  ==  'n'  |1  quit[0]  ==  'N')); 

} 

return  0; 

} 

B.  SCHEDULER. CPP 

*************************************** ************* 

//  File:  scheduler . cpp 
//  Name:  David  Shifflett 
// 

/ /  Pro j  ect :  MSHN 

// 

//  Operating  Environment:  Windows  95 /Windows  NT 
//  Con^iler:  Borland  C++  for  Windows 
//  Date:  18  MAY  98 
// 

//  Description:  MSHN  demonstration  scheduler  process 

! J ***************************************************** 


//  for  randomize  0 


#include 
#include 
#include 
# include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 


<iostream.h> 
<stdlib.h> 
<time.h> 
<stdio .h> 

<f stream. h> 
"mshn_sl  .h” 
”mshn_mem.h" 
"mshn_cora.h" 
"mshn_defs  .h" 
"mshn_err  .h” 
”mshn_types ,  h" 
”mshn_demo .  h" 
"commutil .h" 
"showutil .h" 


char  *err_out; 

mshn_sl  *msl_obj  ; 

mshn_com  *mc_ob  j  ; 

mshn_data  sym__key; 

const  int  BUFF_SIZE  =  1024; 

cert_checking  core_cert_check; 

comm__security  core_comm_sec  ; 

char  *passphrase; 

mshn__data  core_cert,  core_id; 

char  dummy_in [80] ; 


//  Sign  the  data  to  be  transmitted 
int  do_encrypt  { 


comm_security 

mshn__data 

mshn_data 

mshn__data 

mshn_data 

mshn_data 

mshn_data 

{ 

int  result  =  MSHN_OK; 


c_sec, 

*resource_id, 

* job_info, 
*the_token, 

*  j  ®  ®  y  / 

*core_cert , 
*the_sig) 


if  ( (c_sec  ==  COMSEC_CON)  ||  (c_sec  == . COMSEC_BOTH) )  { 

//  We  must  do  encryption 
//  Now  prepare  the  inputs  for  signing 
const  int  nura_params  =  6; 
mshn_data  work_array [numjparams] ; 

work_array [0] .the_length  =  resource_id->the_length; 
work_array [0] .the_data  =  resource_id- >the_data ; 
work_array [1] .the_length  =  job_info->the_length; 
work_array[l] .the_data  =  job_info->the_data; 
work_array [2] .the_length  =  the_token->the_length; 
work_array [2 ] . the_data  =  the_token- >the_data ; 
work_array  [3]  .the_length  =  job_sess_key->the_length; 
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work_array  [3 ]  .  the_data  =  j ob_sess_key-  >the_data ; 
work_array[4]  .the_length  =  core_cert->the_length; 
work_array[4] .the_data  =  core_cert->the_data; 
work_array[5]  .the^length  =  the__sig->the_length; 
work_array [5] .the_data  =  the_sig->the_data; 

mshn__data  *enc_array  [num^params]  ; 
for  (int  i  =  0;  i  <  num^params ;  i++)  { 
enc_array[i]  =  (mshn_data  *) 

(sizeof  {mshn_data  *)  ,  NULL)  ; 


int  numEncBuff,  bytesEnc; 
numEncBuff  =  num_params; 

result  =  nisl_obj ->Tnshn_sl__encrypt  {&sym_key, 

MSHN_ALG_DES , 
work_array, 
num_j)arams , 
enc_array, 
&numEncBuff , 
&bytesEnc) ; 


if  (result  1=  MSHN_OK)  { 

err_out  =  msl_obj  ~>mshn_sl_show_error  (result)  ; 
cout  <<  "mshn_sl_sign  "  «  err_out  <<  endl; 
tnshn_free  (err_out,  NULL)  ; 

}else{ 

//  copy  the  decrypted  buffers  to  the  output  buffers 
resource_id- >the_length 
resource_id- >the_data 
j  ob_inf  o-  >  the_length 
j  ob_inf  o-  >the__data 


the_token~  >the_length 
the_token-  >the_data 
j  ob_sess_key- >the_length 
j  ob_sess_key- >the_data 
core__cert-  >the_length 
core_cert  ~  > the_data 
the_sig- >the_length 
the_sig-  >the__data 

} 

} 

return  result; 

} 

//  Sign  the  data  to  be  transmitted 
int  do_signature ( 

comm_security 
const  mshn  data 


=  enc_array [ 0 ] - >the_length ; 
=  enc_array [ 0 ] - > the_dat a ; 

=  enc_array [1] - >the_length ; 
=  enc_array [1] ->the_data; 

=  enc_array [2 ] - >the_length ; 
=  enc_arr ay [ 2 ] - > the_data ; 

=  enc_ar r ay [ 3 ] - > the_l ength ; 
=  enc_array [ 3 ] - > the_da ta ; 

=  enc_array [4] ->the_length; 
=  enc_array [4 ] - >the_data ; 

=  enc_array[5] ->the_length; 
=  enc_array [ 5 ] - >the_data ; 


c_sec , 

*resource_id. 
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const  mshn_data 
const  mshn_data 
const  mshn_data 
const  mshn_data 
mshn_data 

int  result  =  MSHN_OK; 

//  Clear  the  output 

the_sig~>the_length  =  0; 

the_sig->the_data  =  NULL; 


*job_info, 

*the_token, 

*  j  ob_s  e  s  s_key , 

*core_cert, 

*the_sig) 


if  ( (c_sec  ==  COMSEC_INT)  | | 
//  We  must  do  signature 


(c  sec  ==  COMSEC_BOTH) )  { 


/ /  Now  prepare  the  inputs  for  signing 
const  int  num_sign  =  5; 
mshn_data  work_array [num_sign]  ; 

work_array[0]  .the_length  =  resource_id->the_length; 
work_array[0]  .the_data  =  resource_id->the_data; 
work_array  [1]  .  the_length  =  job_info->the_length; 
work_array [1] .the_data  =  job_info->the_data; 
work_array[2]  .the_length  =  the_token->the_length; 
work_array[2] .the_data  =  the_token- >the_data ; 
work_array  [3]  .the_length  =  job_sess_key->the_length; 
work_array  [3]  .the_data  =  job_sess_key->the_data; 
work_array[4]  .the_length  =  core_cert->the_length; 
work_array[4]  .the_data  =  core_cert->the_data; 


mshn^data  public_key; 
mshn  data  private_key; 

result  =  msl_obj->mshn_sl_get__jpublic_key(core_cert,  &public_key)  ; 


if  (result  1=  MSHN^OK)  { 

err  out  =  tnsl^obj ->nishn_sl_show_error  (result)  ; 

cout  «  '•mshn_sl_get_p>ublic_key  "  «  err_out  «  endl; 

mshn_free (err_out ,  NULL); 

}®lse{  . 

result  =  msl_obj->mshn_sl_get_private_key( 

&public_key,  &private_key) ; 

if  (result  !=  MSHN_OK)  { 

err  out  =  msl_obj ->mshn_sl_show_error (result) ; 

cout  <<  ''mshn_sl_get_private_key  "  <<  err_out  <<  endl 

mshn_free (err_out,  NULL); 

} 

} 

if  (result  ==  MSHN_0K)  { 

result  =  msl_obj->mshn_sl_sign(MSHN_ALG_DSA, 

MSHN_ALG_SHA, 

&pr  i  vate_key , 
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passphrase, 
work_array, 
num^sign, 
the_sig)  ; 

if  (result  1=  MSHN_OK)  { 

err__out  =  ms l_obj ->mshn__s l_show_err or  (result)  ; 
cout  <<  ”mshn__sl_sign  "  <<  err__out  <<  endl; 
mshn_free  (err_out ,  NULL)  ; 

} 

} 

//  Now  clean  up  the  allocated  memory 
mshn_f  ree  (publ ic_key .  the_data ,  NULL)  ; 
mshn_f  ree  (private_key .  the__data ,  NULL)  ; 

} 

return  result; 

} 

//  Process  the  received  data 

// 

//  this  routine  will  do  the  following 

// 

//  create  unique  request__id. 

//  consult  scheduler 

//  create  unique  job  session  key 

//  write  user__id,  security  level,  request  id,  session  key  to  REQUEST  DB 
//  Fill  in  security  token  (output),  encrypt  session  key  with  resource *s 
//  public  key 

//  Encrypt  session  key  (output)  with  users 's  public  key 
//  Send  to  client,  resource  id  (from  scheduler) ,  job  info  (from 
//  scheduler),  security  token,  encrypted  session  key,  MSHN  core 
//  certificate,  signature 
// 

int  do_schedule ( 

mshn_com  *new__conn, 

comm_security  ‘^^sec , 

mshn__data  user_id, 

mshn_data  blob) 

{ 

int  result  =  MSHN_OK; 

//  Lets  display  what  we  received 
cout  <<  endl  <<  endl  <<  endl; 

show_data__char_ptr(  (CSSM_DATA_PTR)  &user_id,  "User  Id",  1); 
show_data_char_j)tr  ( (CSSM_DATA_PTR)  &blob,  "Job  Info",  1)  ; 
cout  <<  endl  <<  "Press  enter  ";  cin.getline (dummy_in,  80); 

//  create  unique  request_id. 
int  request_id  =  random  (RAND_MAX)  ; 
mshn_data  resource_id,  job_info; 
mshn_data  j  ob_sess_key ,  the_salt ; 
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nishn_data  the_sig; 
mshn_token  the_token; 
mshn  data  token  data; 


//  consult  scheduler 
//  FOR  NOW  JUST  FAKE  IT 

resource_id .  the_data  =  s trdup  ( IP_RES0URCE_1 )  ; 
resource_id.  the__length  =  strlen  {IP_RES0URCE_1)  +  1; 
j ob_inf o . the_data  =  strdup("Run  the  job  as  fast  as  you  can."); 
job_info.  the_length  =  strlen  ( job_info .  the_data)  +  1; 


//  create  unique  job  session  key 
char  key_label[]  =  "DES  Key  Label"; 
result  =  msl_obj->mshn__sl__sym__key_gen( 

MSHN_ALG_DES , 

40, 

the_salt, 
key_label , 
&job_sess_key) ; 


if  (result  !=  MSHN^OK)  { 

err_out  =  ms l_ob j ->mshn_s l_show_err or  (result)  ; 
cout  <<  "mshn_sl_syra_key_gen  "  <<  err_out  <<  endl; 
mshn_f  ree  (err_out ,  NULL)  ; 

}else{ 

//  write  user_id,  security  level,  request  id,  session  key 
//to  REQUEST  DB 

result  =  add_to_req_db  (reqdb_fname,  S:user__id, 

c_sec,  request_id,  S:job_sess_key)  ; 


} 


if  (result  ==  MSHN_OK)  { 

//  Fill  in  security  token  (output) ,  encrypt  session  key 
//  with  resource's  pxiblic  key 

//WE  HAVE  NO  PUBLIC/PRIVATE  KEY  ENCRYPT/DECRYPT,  SO  SEND  • 

//  THE  KEY  IN  THE  CLEAR 
the_token.request_id  =  request_id; 

the_token.  job_session_key.  the_length  =  job_sess_key .  the_length; 
the_token. job_session_key.the_data  =  job_sess_key. the_data; 

//  convert  the  token  to  a  mshn_data 
token_to_mshn_data (the_token,  &token_data) ; 

//  Encrypt  session  key  (output)  with  users 's  ptiblic  key 
//WE  HAVE  NO  PDBLIC/PRIVATE  KEY  ENCRYPT/DECRYPT,  SO  SEND 
/ /  THE  KEY  IN  THE  CLEAR 


} 


//  Sign  the  data  to  be  transmitted 

result  =  do_signature  (c_sec,  &resource_id,  &:job_info, 

&token__data,  &job_sess_key,  &core_cert,  &the__sig)  ; 
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mshn__data  temp_cert; 
temp_cert .  the_data  =  NULL; 
if  (result  ==  MSHN_OK)  { 

//  do  an  encrypt  if  necessary 

temp_cert .  the_length  =  core_cert .  the__length; 

temp^^cert .  th.e__data  =  (unsigned  char  *) 

mshn_malloc  (temp_cert .  the_length,  NULL) 
memcpy  ( t emp_cert .  the_data ,  core_cert .  the_dat a , 
ten^_cert .  the_length)  ; 

result  ~  do_encrypt  (c_sec,  &resource_id,  &job_info, 

&token_data,  &:job_sess_key,  &temp_cert,  &the  sig)  ; 


if  (result  ==  MSHN_OK)  { 

//  Send  to  client,  resource  id  (from  scheduler),  job  info 
/ /  (from  scheduler) ,  security  token,  encrypted  session  key, 
//  MSHN  core  certificate,  signature 
int  bytes_sent; 

result  =  send_6_data  (new__conn. 


} 


&resource_id, 

&job_info, 

&token_data, 

&  j  ob_s  e  s  s_key , 
&temp_cert , 
&the_sig, 
bytes__sent)  ; 

if  (result  ==  MSHN_COM_OK)  { 
result  =  iyiSHN_OK; 

} 


"Resource  ID  ”, 
"Job  information  ", 
"Security  token  ", 
"Job  session  key  ", 


"MSHN  core  certificate", 
"Scheduler  signature  ", 


//  Free  up  allocated  memory 
mshn_free  (temp_cert .  the_data,  NULL)  ; 
mshn_f  ree  (resource_id .  the_data ,  NULL)  ; 
mshn_f ree  ( job_info .  the_data,  NULL)  ; 
mshn_f  ree  ( j ob__sess_key .  the_data ,  NULL)  ; 
mshn_f  ree  ( the_sig .  the__data ,  NULL)  ; 
mshn_f  ree  ( token_data .  the_data ,  NULL)  ; 
return  result; 


//  Verify  the  received  data 
int  verify_request ( 

mshn__com 

int 

mshn_data 
mshn_data 
mshn_data 
mshn  data 

{ 


*new_conn, 

comm_sec, 

user_id, 

cert, 

blob, 

signature) 
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int  result  =  MSHN_OK; 

const  int  num_jparams  =  4; 

const  int  nuin_signedjparams  =  3  ; 

//  Prepare  the  inputs  for  encryption/decryption/signature 
//  verification 

mshn_data  work_array [nura_params] ; 
work_array[0] .the_length  =  user_id.the_length; 
work_array[0] .the_data  =  user_id.the_data? 
work  array [1] .the_length  =  cert.the_length; 
work~array[l] .the_data  =  cert . the_data ; 
work_array[2] .the_length  =  blob.the_length; 
work  array [2] .the_data  =  blob . the_data ; 
work ■ array [3] .the_length  =  signature.the_length, 
work’’array[3] .the_data  =  signature.the_data; 


mshn_data  *dec_array [num_params] ; 
for  (int  idx=0;  idx<num_jparams ;  idx++)  { 
dec  array [idx]  =  (mshn_data  *) 

mshn_malloc(sizeof {mshn_data  *) ,  NULL) ; 


} 


/ j  Determine  how  to  handle  the  inputs 

//  What  decryption/signature  verification  is  necessary? 

comm  security  c_sec  =  comm_sec; 
if  ( (c_sec  ==  COMSEC_CON)  1 |  (c_sec  ==  COMSEC_BOTH) )  { 

//We  must  do  decryption 
int  numdecBuff,  bytesdec; 
numdecBuff  =  num_jparams  ; 


result  =  msl_obj->mshn_sl_decrypt(&sym_key,  MSHN_ALG_DES , 
work  array/  num  params,  dec_array,  snumdecBuff, 
&bytesdec) ; 

if  (result  !=  MSHN__OK)  { 

err  out  =  msl_obj ->mshn_sl_show_error  (result)  ; 
cout  «  "mshn_sl_decrypt  "  «  err_out  «  endl; 
mshn_f  ree ( err_out ,  NULL ) ; 

^  V/  Prepare  for  the  next  steps,  by  putting  the  decrypted 
//  buffers  into  work_array 
for  (int  idx=0;  idx<num_params ;  idx++)  { 
work_array [idx]  .the_length  = 

dec_array [idx] ->the_length; 
work_array[idx]  .the_data  =  dec_array [idx] ->the_data 

} 

} 

} 


if  (result  ==  MSHN_OK)  { 

if  ( (c_sec  ==  COMSEC_INT)  |  1  (c_sec  ==  COMSEC_BOTH) ) 
//We  must  do  signature  verification 
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//  First  verify  the  certificate 

mshn_data  ^certificate  =  &work_array [1] ; 

result  =  do_cert_check  (msl__obj  ,  core_cert_check, 

certificate) ; 

//  Now  get  the  public  key 
mshn_data  public_key; 
if  (result  ==  MSHN_OK)  { 

result  =  msl_obj ->mshn_sl_getjpublic_key  { 

certificate,  &public_key) ; 

if  (result  !=  MSHN_OK)  { 

err__out  =  ms l_ob j ->mshn_sl_show_error  (result)  ; 
cout  <<  "mshn__sl_get_public_key  "  <<  err_out  <<  endl; 
mshii__free  (err_out,  NULL)  ; 

} 

} 

//  Now  do  signature  verification 
if  (result  ==  MSHN_OK)  { 
int  sig_valid  =  0; 

result  =  msl_ob  j  -  >mshn_sl_sig_verif  y  (MSHN_ALG_DSA, 
MSHN_ALG_SHA, 

&public_key, 
work_array, 
num_signed_j)araras , 

&work_array [3] ,  //  this  one  is  the  sig 
&sig_valid) ; 

if  (result  !=  MSHN_OK)  { 

err_out  =  msl_obj ->mshn_sl_show_error  (result)  ; 
cout  <<  "mshn_sl__sig_verify  "  <<  err_out  <<  endl; 
mshn_free (err_out,  NULL) ; 

}else{ 

if  (sig_valid  ==  MSHN_FALSE)  { 
result  =  MSHN_INVALID_SIG; 

err_out  =  msl__obj  ~>mshn_sl_show_error  (result)  ; 
cout  <<  "mshn_sl_sig_verify  ”  <<  err_out  <<  endl; 
mshn_free (err_out ,  NULL) ; 

} 

} 

} 

} 

if  (result  ==  MSHN_OK)  { 

//  If  we  get  here,  the  inputs  have  been  decrypted  and  verified 
//  so  lets  do  something  with  them 
result  =  do_schedule (new_conn,  c_sec, 

work_array[0] ,  //  this  is  the  user_id 

work_array [2]  ) ;  //  this  is  the  blob 
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for  (int  idx=0;  idx<num_params ;  idx++)  { 
inshn_f  ree  (dec_array  [idx]  ,  NULL)  ; 

} 

return  result; 

} 

int  handle_request 0 

{ 

int  result  =  MSHN_OK; 

//  Now  accept  connections  from  the  client/laptop 
.  mshn_com  *new_conn ; 

result  =  mc_obj~>mc_accept  ("Client"  , 

PORT__CLIENT_SCHEDULER,  &new_conn)  ; 
if  (result  ==  MSHN_COM__OK)  { 
result  =  MSHN_OK; 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "Accepted  connection"  «  endl; 
new_conn->mc_display  (cout)  ; 

#endif 

int  bytes_rec,  comm_sec; 

mshn_data  user_id,  cert,  blob,  signature; 

//  get  the  input  from  the  client/laptop 
result  =  recv_int_4_data(new_conn, 

&comm_sec,  "Communication  security  option" 

&user_id,  "Client  ID  ” 

&cert,  "Client  certificate  ” 

&blob,  "Job  information  " 

^signature,  "Client  signature  " 

bytes_rec) ; 

if  (result  ==  MSHN_COM_OK)  { 
result  =  MSHN__OK; 

cout  <<  "Received  ("  <<  bytes_rec  <<  ")  bytes."  <<  endl; 

//  Now  process  the  received  data 

result  =  verify_request  (new_conn,  comm_sec,  user_id, 
cert,  blob,  signature); 

}else{ 

cout  <<  "recv_int_4_data:  " 

<<  new_conn->mc_get_error (result)  <<  endl; 

} 

//  make  sure  the  connection  is  closed 
new_conn-  >mc_close  ( )  ; 

}else{ 

cout  <<  "mc_accept:  "  <<  mc_obj ->mc_get_error (result)  <<  endl; 

} 

//  make  sure  the  connection  is  closed 
mc__ob j  “  >mc_close  ( )  ; 
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return  result; 

} 

int  maindnt,  char  *  [] )  { 

randomize  0  ;  //  init  random  number  generator 

mc_obj  =  new  mshn_com()  ; 
msl_obj  =  new  mshn_sl()  ; 
core_cert_check  =  CERT_NONE; 

int  result  =  msl_obj~>mshn_sl_init  ("dummy  file”)  ; 
if  (result  !=  MSHN__OK)  { 

err_out  =  ms l_obj ->mshn_sl_show_error  (result)  ; 
cout  <<  ”mshn_sl_init  "  <<  err__out  <<  endl; 
mshn_free  (err_out,  NULL)  ; 

}else{ 

//  Get  the  shared  symmetric  key  for  encryption/decryption 
read_data  ( &sym_key ,  key_f  name ,  BUFF_SIZE)  ; 


do_register  (msl_ob j  ,  core_id,  core_cert ,  &passphrase , 

core_comm_sec,  core_cert_check)  ; 

//  now  receive  and  handle  incoming  scheduling  requests 
while  (result  ==  MSHN__OK)  { 

result  =  handle_request  0  ; 

} 

} 

return  0; 

} 


C.  RESOURCE  STATUS  SERVER 

//**•*******************•*■******************************* 

//  File:  rss.cpp 
//  Name:  David  Shifflett 
// 

//  Project:  MSHN 

// 

//  Operating  Environment:  Windows  95/Windows  NT 
//  Compiler:  Borland  C++  for  Windows 
//  Date: 

//. 

//  Description:  MSHN  demonstration  Resource  Status  Server  process 
I /**************★************************************** 

#include  <iostream.h> 

#include  <stdlib.h> 

#include  <stdio.h> 

#include  < f stream. h> 
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#include  "Tnshn_sl  .h” 

#include  "mshn^mem.h" 

#include  ”mshn_com.h” 

# include  ” mshn_de f s . h ” 

#include  "mshn_err.h" 

#include  ”mshn_types .h” 

#include  ”mshn_demo.h" 

#include  " commutil . h” 

#include  "showutil . h" 

char  *err_out; 

mshn_sl  .  *msl_obj  ; 

mshn_com  *mc_obj  ; 

mshn_data  sym_key; 

const  int  BUFF_SIZE  ==  1024; 

cert_checking  core_cert_check; 

comings ecurity  core_comTn_sec  ; 

char  *passphrase; 

mshn_data  core_cert ,  core_id ; 

char  dummy_in[80]  ; 

//  Verify  the  received  data 
int  verif y_request ( 

int  request_id, 

mshn^data  resource_id, 

Tnshn_data  stat_info, 

mshn_data  signature) 

{ 

int  result  =  MSHN_OK ; 
const  int  numjparams  =  4; 
const  int  num_encrypted_j>arains  =  3; 
const  int  num_signed_jparams  =  3; 
char  dummy [80]  ; 

//  Prepare  the  inputs  for  encrypt  ion/ decrypt  ion/ signature 
//  verification 

mshn__data  work_array  [num_jparams]  ; 

mshn_data  *dec_ar ray  [numjparams]  ; 
for  (int  idx=0;  idx<num_j)arams ;  idx++)  { 
dec_array  [idx]  =  (mshn_data  *) 

mshn_malloc  (sizeof  {mshn_data  *)  ,  NULL); 

} 

//We  need  to  use  the  request_id  to  look  up  the  data  in  the 
//  REQUEST  DB 

mshn_data  user_id,  sess_key; 
int  coTnm_sec; 
convin_security  c_sec; 

result  =  get_from_reg_db  (reqdb_fname,  request_id,  &user_id. 


146 


comm_sec,  &sess_key) ; 
if  (result  1=  MSHN_OK)  { 

err__out  =  ms l_ob j ->mshn_sl_show_error  (result)  ; 
cout  <<  "get_from_req_db  "  <<  err_out  <<  endl; 
mshn_free  (err_out,  NULL)  ; 

}else{ 

cout  <<  endl  <<  "For  request  ID:  "  <<  request_id  <<  endl; 
cout  <<  "FOUND:  communication  security:  "  <<  comm_sec  <<  endl; 
memcpy (dummy,  user_id. the_data,  user_id. the_length)  ; 
dummy  [user^id .  the_length]  =  '  \  0  *  ; 

cout  <<  "FOUND:  user  id  :  "  <<  dummy  <<  endl; 

cout  <<  "FOUND:  session  key:  "  <<  endl; 

show_pointer  ( sess_key .  the_data ,  sess__key .  the_length, 

"session  key") ; 

//  Determine  how  to  handle  the  inputs 

//  What  decryption/signature  verification  is  necessary? 
c_sec  =  comm__sec; 

if  (  (c_sec  ==:  COMSEC_CON)  |  |  (c_sec  ==  COMSEC_BOTH)  )  { 

//We  must  do  decryption 
int  numdecBuff,  bytesdec; 
numdecBuff  -  num_encrypted_params ; 

work_array  [0]  .the_length  =  resource_id.  the_length; 
work_array [0]  .the_data  =  resource_id. the_data; 
work_array [1]  .the_length  =  stat_info. the_length; 
work_array [1]  .the__data  =  stat_info. the_data; 
work_array [2]  .the_length  =  signature.the_length; 
work_array  [2]  .the_data  =  signature .  the_data; 

result  =  msl_obj ->mshn_sl_decrypt  (&sess_key,  MSHN_ALG_DES , 
work_array ,  num_encrypt ed_params ,  dec__array , 
&numdecBuff ,  &bytesdec) ; 
if  (result  !=  MSHN_0K)  { 

err_out  =  ms l_ob j '“>mshn_sl_show_error  (result)  ; 
cout  <<  "mshn_sl__decrypt  "  <<  err_out  <<  endl; 
mshn_free (err_out,  NULL) ; 

}else{ 

//  Prepare  for  the  next  steps,  by  putting  the  decrypted 

//  buffers  into  work_array 

work_array [0] . the_length  =  sizeof(int); 

//  This  field  can*t  be  encrypted 

work_array  [0]  •  the_data  =  (unsigned  char  *)  &request_id; 
for  (int  idx=0;  idx<num_encrypted_params ;  idx++)  { 
work_array  [idx  +  1]  .the__length  = 
dec__array  [idx]  ->the_length; 

work_array  [idx  +  1]  .the_data  =  dec_array  [idx] ->the_data; 

} 

} 

}else{ 

work__array [0]  .  the__length  =  sizeof(int); 

//  This  field  can*t  be  encrypted 
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} 

if 


work_array[0] .the_data  =  (unsigned  char  *) &request_id; 
work_array [1]  .the_length  =  resource_id.the_length; 
work_array  [1]  .the_data  =  resource_id .  the_data  ; 
work_array [2] .the_length  =  stat_info.the_length; 
work_array [2] .the_data  =  stat_info.the_data; 
work_array [3] .the_length  =  signature.the_length; 
work_array [3] .the_data  =  signature. the_data; 


(result  ==  MSHN_OK)  { 

if  ( (c_sec  ==  COMSEC_INT)  | |  (c_sec  ==  COMSEC_BOTH) )  { 

//We  must  do  signature  verification 
int  sig_valid  =  0; 

result  =  msl_obj->mshn_sl_sig_verify  (MSHN_ALG_DES, 
MSHN_ALG_MD5 , 

&sess_key, 
work_array, 
num_signed_params , 

&work_array [3] ,  //  this  one  is  the  signature 
&sig_valid) ; 


if  (result  !=  MSHN^OK)  { 

err_out  =  msl_ob j->mshn_sl_show_error  (result )  ; 
cout  <<  "mshn_sl_sig_verify  "  <<  err_out  <<  endl; 
mshn_free (err_out,  NULL) ; 

}else{ 

if  (sig_valid  ==  MSHN_FALSE)  { 
result  =  MSHN_INVALID_SIG; 

err_out  =  msl_obj ->mshn_sl_show_error (result) ; 
cout  <<  "mshn_sl_sig_verify  "  <<  err_out  <<  endl; 
mshn_f  ree ( er r_out ,  NULL ) ; 

} 

} 

} 

} 


if  (result  ==  MSHN_OK)  { 

//  If  we  get  here,  the  inputs  have  been  decrypted  and  verified 

//so  lets  do  something  with  them 

cout  «  "Received  update  from  resource"  <<  endl; 

memcpy  ( dummy ,  work_array  [  1  ]  .  the_data ,  work_array  [  1  ]  .  the_l  ength)  ; 
dummy [work_array[l] .the_length]  =  '\0'; 

cout  «  "Resource  id  :  "  <<  dummy  <<  endl; 

memcpy  (dummy,  work_array  [2]  .the_data,  work_array  [2]  .the_length)  ; 
dummy [work_array [2] .the_l ength]  =  '\0'; 

cout  «  "Resource  status  info  :  "  <<  dummy  «  endl; 

} 


for  (int  idx=0;  idx<num_params ;  idx++)  { 
mshn_free (dec_array [idx] ,  NULL) ; 
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return  result; 

} 

int  handle_request 0 

{ 

int  result  -  MSHN_OK; 

//  Now  accept  connections  from  the  client/laptop 
mshn_com  *new_conn; 

result  =  mc_obj ->mc_accept  { "Resource” ,  PORT_RESOURCE_RSS,  &new_comi)  ; 
if  (result  ==  MSHN_COM_OK)  { 
result  =  MSHN_OK; 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "Accepted  connection"  <<  endl; 
new^conn-  >mc_display  { cout )  ; 

#endif 


int  bytes_rec,  req_id; 

mshn_data  resource_id,  stat_info,  signature; 

//  get  the  input  from  the  client/laptop 
result  =  recv_int_3_data  {new_conn, 

&reg_id,  "Job  request  ID  ", 

&resource_id,  "Resource  ID  " , 

&stat_info,  "Resource  status  info", 

ficsignature,  "Resource  signature  ", 

bytes_rec)  ; 

if  (result  ==  MSHN_COM__OK)  { 
result  =  MSHN_OK; 

cout  <<  "Received  ("  <<  bytes_rec  <<  ")  bytes."  <<  endl; 

//  Now  process  the  received  data 

result  =  verify_request  (req_id,  resource__id,  stat_info, 
signature) ; 

}else{ 

cout  <<  " recv_int_3_data :  "  <<  new_conn~>mc_get_error  (result) 
<<  endl; 

} 

//  make  sure  the  connection  is  closed 
new_conn-  >mc_close  ( )  ; 

}else{ 

cout  <<  "mc_accept:  "  <<  mc_obj ->mc_get_error  (result)  <<  endl; 

} 

//  make  sure  the  connection  is  closed 
mc_ob j  -  >mc_close  ( )  ; 
return  result; 

} 
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int  main(int,  char  *  [] )  { 
mc_obj  =  new  mshn_com()  ; 
msl_obj  =  new  mshn_sl(); 
core_cert_check  =  CERT__NONE; 

int  result  =  ms l_obj -•>mshn_sl_init  ( "dummy  file")  ; 
if  (result  !=  MSHN^OK)  { 

err_out  =  msl_obj ->mshn_sl_show_error  (result)  ; 
cout  <<  "mshn_sl_init  "  <<  err_out  <<  endl; 
mshn_free (err_out,  NULL) ; 

}else{ 

//  Get  the  shared  symmetric  key  for  encryption/decryption 
read_data  ( &sym_key ,  key_f name ,  BUFF_SIZE)  ; 

do_register (msl_ob j ,  core_id,  core^cert ,  spassphrase , 
core_comm_sec,  core_cert_check) ; 

//  now  receive  and  handle  incoming  scheduling  requests 
while  (result  ==  MSHN^OK)  { 

result  =  handle__request  0  ; 

} 

} 

return  0; 

} 

D.  RESOURCE  REQUIREMENTS  DATABASE 

//***************************************************** 

//  File:  rrd.cpp 

//  Name:  David  Shifflett 

// 

//  Project:  MSHN 

// 

//  Operating  Environment:  Windows  95/Windows  NT 
//  Compiler:  Borland  C++  for  Windows 
//  Date: 

// 

//  Description:  MSHN  demonstration  Resource  Requirements 
//  Database  process 
// 

yy*** ************* ************************************* 

#include  <iostream.h> 

#include  <stdlib.h> 

#include  <stdio.h> 

#include  < f stream . h> 

#include  "mshn_sl.h" 

#include  "mshn__mem . h" 

#include  "mshn_com . h" 

#include  "mshn_def s . h" 
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#include  ”mshn_err . h" 
#include  ”mshn_types . h” 
# include  " mshn__deTno .  h " 
#include  "conunutil .  h" 
#include  "showutil .h" 


char  *err_out; 

mshn_sl  *msl_obj  ; 

mshn_com  *inc_ob  j  ; 

mshn^data  sym_key; 

const  int  BUFF_SIZE  =  1024; 

cert_checking  core_cert_check; 

comm^security  core_comm_sec ; 

char  *passphrase; 

mshn_dat a  core_cert ,  core_id ; 

char  dummy_in [80] ; 


//==== — ================== 

//  Verify  the  received  data 
int  verif y_request ( 

int 

mshn_data 

mshn__data 

mshn_data 

{ 


reguest_id, 

resource_id, 

req_info, 

signature) 


int  result  =  MSHN_0K; 
const  int  nuTtijparams  =  4; 
const  int  num_encrypted_params  =  3; 
const  int  num_signed_j)araTns  =  3; 
char  dummy [80] ; 


//  Prepare  the  inputs  for  encryption/decryption/signature 
//  verification 

mshn_data  work_array  [num_j5arams]  ; 

mshn_data  *dec_array  [num_params]  ; 
for  (int  idx=0;  idx<num_params ;  idx++)  { 
dec_array  [idx]  =  (mshn__data  *) 

mshn_malloc  (sizeof  (mshn_data  *)  ,  NULL) 

} 

//We  need  to  use  the  req[uest__id  to  look  up  the  data  in  the 
//  REQUEST  DB 

mshn_data  user_id,  sess_key; 
int  comm_sec; 
comm_security  c_sec; 

result  =  get_from__reqLdb(reqdb__fname,  request_id,  auser_id, 
comm_sec,  &sess_key) ; 
if  (result  !=  MSHN_0K)  { 

err_out  =  msl_obj->mshn_sl_show_error  (result)  ; 
cout  <<  ”get_from_reg__db  "  <<  err_out  <<  endl; 
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mshn_free (err_out,  NOLL) ; 

}else{ 

cout  «  endl  <<  "For  request  ID:  "  «  request_id  «  endl; 
cout  <<  "FOUND:  communication  security:  "  <<  comm_sec  <<  endl; 
memcpy (dummy,  user_id.the_data,  user_id.the_length) ; 
dummy [user_id. the_length]  =  ' \0 ' ; 

cout  <<  "FOUND:  user  id  :  "  <<  dummy  <<  endl; 

cout  <<  "FOUND:  session  key:  "  «  endl; 

show  pointer  ( sess_key . the_data ,  sess_key . the _ length, 

"session  key") ; 

// .Determine  how  to  handle'  the  inputs 

//  What  decryption/signature  verification  is  necessary? 
c_sec  =  comra_sec; 

if  ( (c_sec  ==  COMSEC_CON)  | |  (c_sec  ==  COMSEC_BOTH) )  { 

//We  must  do  decryption 
int  numdecBuff,  bytesdec; 
numdecBuff  =  num_encrypted_params ; 

work_array[0] .the_length  =  resource_id.the_length; 
work_array[0] .the_data  =  resource_id.the_data; 
work_array[l] .the_length  =  req_info. the_length; 
work_array [ 1 ] - the_data  =  req_inf o . the_data ; 

work_array[2] .the_length  =  signature. the_length; 
work_array [2] .the_data  =  signature. the_data; 


result  =  msl_obj->mshn_sl_decrypt(&sess_key,  MSHN_ALG_DES , 

work_array,  num_encrypted_params ,  dec_array, 
finumdecBuff ,  &bytesdec) ; 
if  (result  !=  MSHN_OK)  { 

err_out  =  msl_obj ->mshn_sl_show_error (result) ; 
cout  <<  "mshn_sl_decrypt  "  <<  err_out  <<  endl; 
mshn_f ree (err_out ,  NULL) ; 

}else{ 

//  Prepare  for  the  next  steps,  by  putting  the  decrypted 
//  buffers  into  work_array 
work_array[0] .the_length  =  sizeof (int) ; 

//  This  field  can't  be  encrypted 

work_array[0] .the_data  =  (unsigned  char  *) &request_id; 
for  (int  idx=0;  idx<num_encrypted_params ;  idx++)  { 
work_array [idx  +  1] .the_length  = 
dec_array [idx] ->the_length; 

work_array [idx  +  1] .the_data  =  dec_array [idx] ->the_data; 

} 

} 

}else{ 

work_array [0] .the_length  =  sizeof (int) ; 

//  This  field  can't  be  encrypted 

work  array  [0]  .the_data  =  (xinsigned  char  *)  &request_id; 
work~array [1] .the_length  =  resource_id. the_length; 
work_array [1] .the_data  =  resource_id.the_data; 
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} 


} 


work_array [2]  .the_length  =  req_info. the_length; 
work_array [2]  .the__data  =  req_info. the_data; 
work_array [3]  .the_length  =  signature.the_length; 
work_array  [3]  .the_data  =  signature  .the_data; 


if  (result  ==  MSHN_OK)  { 

if  ({c__sec  ==  COMSEC__INT)  ||  {c_sec  ==  COMSEC_BOTH)  )  { 

//  We  must  do  signature  verification 
int  sig_valid  =  0; 

result  =  msl_obj ->mshn_sl_sig_verify  {MSHN_ALG_DES, 

MSHN_ALG_MD5 , 

&sess__key, 
work_array, 
num_signedj)arams , 

&work__array  [3]  ,  //  this  one  is  the  signature 
&sig_valid) ; 

if  (result  !=  MSHN_OK)  { 

err_out  =  msl_obj->mshn_sl_show_error  (result)  ; 
cout  <<  ”mshn_sl_sig_verify  "  <<  err_out  <<  endl; 
mshn__f  r ee  ( er r_out ,  NULL )  ; 

}else{ 

if  (sig_valid  ==  MSHN_FALSE)  { 
result  =  MSHN_INVALID_SIG; 

err_out  =  ms l_ob j '->mshn__sl_show__error  (result)  ; 
cout  <<  ”mshn_sl_sig__verify  "  <<  err_out  <<  endl; 
mshn_free (err_out,  NULL) ; 

} 

} 

} 

} 

if  (result  ==  MSHN_OK)  { 

//  If  we  get  here,  the  inputs  have  been  decrypted  and  verified 

//so  lets  do  something  with  them 

cout  <<  "Received  update  from  resource"  <<  endl; 

memcpy  ( dummy ,  work_a r r ay  [  1  ]  .  t he_da t a ,  work__ar r ay  [  1  ]  .  the_l ength )  ; 

dummy  [work_array  [1]  .  the_l ength]  =  *  \  0 '  ; 

cout  <<  "Resource  id  :  "  <<  dummy  <<  endl; 

memcpy  (dummy,  work_array  [2]  .the__data,  work__array  [2]  .the_l ength)  ; 

dummy  [work_array  [2]  .  the_length]  =  *\0*; 

cout  <<  "Requirements  info  :  "  «  dummy  <<  endl; 


for  (int  idx=0;  idx<num__params ;  idx++)  { 
mshn_free  (dec_array  [idx]  ,  NULL)  ; 

} 

return  result; 

} 
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int  handle_request 0 

{ 

int  result  =  MSHN  OK; 


//  Now  accept  connections  from  the  client/laptop 
mshn_com  *new_conn  ; 

result  =  mc_obj->mc_accept  ("Resource”,  PORT_RESOURCE_RRD,  &new_conn) 
if  (result  ==  iy[SHN__COM_OK)  { 
result  =  MSHN_OK; 

#if  defined  (DEBUG_MSHN___COM) 

cout  <<  "Accepted  connection”  <<  endl; 
new_conn-  >mc_display  ( cout )  ; 

#endif 

int  bytes_rec,  req^id; 

mshn_data  resource_id,  req_info,  signature; 


//  get  the  input  from  the  client/laptop 
result  =  recv_int_3_data(new_conn, 

&req_id,  "Job  request  ID  ", 
&resource_id,  "Resource  ID  ", 
&:req_info,  "Resource  requirements  info", 
Scsignature,  "Resource  signature  ", 
bytes_rec) ; 


if  (result  ==  MSHN_COM_OK)  { 
result  =  MSHN_OK; 

cout  <<  "Received  ("  <<  bytes_rec  <<  ")  bytes."  <<  endl; 


//  Now  process  the  received  data 

result  =  verify_request  (req^id,  resource_id,  req_info,  signature) 
}else{ 

cout  <<  "recv__int_3_data:  "  <<  new_conn->mc_get_error  (result) 

<<  endl; 

} 

//  make  sure  the  connection  is  closed 
new_conn->mc__close  0  ; 

}else{ 

cout  <<  "mc_accept:  "  <<  mc_obj ->mc_get_error (result)  <<  endl; 

} 

//  make  sure  the  connection  is  closed 
mc_ob  j  -  >mc_close  ( )  ; 
return  result; 

} 

int  main (int,  char  * []  )  { 

mc_ob j  =  new  mshn_com  ( )  ; 
msl_obj  =  new  mshn_sl(); 
core  cert  check  =  CERT_NONE; 
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int.  result  =  ms l_ob j  - >mshn_sl_init  { "dummy  file")  ; 
if  (result  i=  MSHN__OK)  { 

err__out  =  msl_obj  “>mshn_sl_show__error  (result)  ; 
cout  <<  "mshn_sl__init  "  <<  err_out  <<  endl; 
mshn_free (err_out ,  NULL) ; 

}else{ 

//  Get  the  shared  symmetric  key  for  encryption/decryption 
read_dat a  ( &sym_key ,  key_f  name ,  BUFF_S  I ZE )  ; 

do_register  (msl_obj,  core_id,  core_cert,  &passphrase, 

core_comm_sec,  core_cert_check) ; 

//  now  receive  and  handle  incoming  scheduling  requests 
while  (result  ==  MSHN__OK)  { 

result  =  handle_re quest {) ; 

} 

} 

return  0; 

} 


E .  COMPUTE  RESOURCE 


j  j  **********  **************************************Tllr**** 

//  File:  resource. cpp 
//  Name:  Roger  Wright 
// 

//  Project:  MSHN 

// 

//  Operating  Environment:  Windows  95/Windows  NT 
//  Compiler:  Borland  C++  for  Windows 
//  Date:  12  MAY  98 
// 

//  Description:  MSHN  demonstration  compute  resource  process 
//***************************************************** 


# include 
#include 
#include 
# include 
#include 
#include 
# include 
# include 
# include 
# include 
# include 
# include 
# include 


<iostream.h> 
<stdlib.h> 
<stdio.h> 
<fstream.h> 
"mshn_sl  .h" 
"mshn_mem.h" 
"mshn_com.h" 
"mshn_defs  .h" 
"mshn_err  .h" 
"mshn_types .  h" 
"commutil .h" 
"mshn_demo .  h" 
"showutil .h" 
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char  *err_out; 
mshn_sl  *msl_obj ; 
mshn_com  *mc_ob j ; 
mshn_data  sym_key; 
mshn_data  job_sess_key; 
const  int  BUFF_SIZE  =  1024; 
cert_ch'ecking  resource_cert_check  ; 
comm_security  resource_comm_sec ; 
char  *passphrase; 

mshn_data  resource_cert ,  resource_id; 
int  request_id; 


char  dummy_in[80] ; 


//  Encrypt  the  data  to  be  transmitted  to  the  client 

int  do_encrypt_client  ( 

mshn_data  *results, 

mshn_data  *app_signature) 

{ 

int  result  =  MSHN_OK; 


//  Now  prepare  the  inputs  for  encryption 
const  int  num_parains  =  2  ; 
mshn_data  work_array [numjparams] ; 

work  array [0] .the_length  =  results->the_length; 
work  array [0] .the_data  =  results->the_data/ 
work~array[l] .the_length  =  app_signature->the_length; 
work_array [ 1 ] . the_data  =  app_s ignature - >the_data ; 

mshn_data  *enc_array [num _params] ; 
for  (int  i  =  0;  i  <  num_params;  i++)  { 

enc_array[i]  =  (mshn_data  *) 

mshn  malloc (sizeof (mshn_data  *) ,  NULL) 


} 


int  numEncBuff,  bytesEnc; 
numEnoBuff  =  num_params; 

result  =  msl  obj->mshn  si  encrypt (&job_sess_key, 

MSHN_ALG_DES , 
work_array, 
num__params , 
enc_array, 
snumEncBuf f , 
sbytesEnc) ; 


if  (result  !=  MSHN_OK)  { 

err_out  =  ms l_ob j ->mshn_sl_show_error (result) ; 
cout  «  ''mshn_sl_encrypt  ■'  «  err_out  «  endl; 
mshn_free (err_out,  NULL) ; 

}else{ 
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//  copy  the  decrypted  buffers  to  the  output  buffers 

_ n  4- «  n  ^  j_i T 


} 


results ->the_length 
results- >the_data 
app_signature-  >the_length 
app_signature- >the_data 

} 

return  result; 


=  enc_array  [ 0]  - >the_length; 
=  enc_array  [  0  ]  -  > the_data  ; 

=s  enc_array  [  1  ]  -  >the_length  ; 
=  enc_ar ray  [  1  ]  -  > the_data  ; 


//  Encrypt  the  data  to  be  transmitted  to  the  mshn  core  components 
int  do_encrypt_core  ( 

mshn_data  *resource_id, 

mshn_da ta  * inf o , 

mshn_dat a  *  s ignature ) 


{ 

int  result  =  MSHN_0K; 


//  Now  prepare  the  inputs  for  encryption 
const  int  num_j)arams  =  3; 
mshn_data  work_array  [num_params]  ; 

work_array  [0]  .the_length  =  resource_id->the_length; 
work_array [0] .the_data  =  resource_id->the_data; 

work_array  [1]  .the_length  =  info->the__length; 
work_array  [1]  .the_data  =  info->the_data; 
work_array  [2]  .the_length  =  signature->the_length; 
work__array  [2]  .the_data  =  s ignature ->the_data; 
mshn_data  *enc_array  [num_j>arams]  ; 
for  (int  i  =  0;  i  <  n\im__params ;  i++)  { 
enc_array[i]  =  (mshn_data  *) 

mshn__malloc  (sizeof  {mshn_data  *)  ,  NULL); 

} 


int  numEncBuff,  bytesEnc; 
numEncBuff  =  num_j)arams; 


result  =  msl_ob j  -  >mshn_sl_encrypt  ( & j  ob_sess_key , 

MSHN_ALG_DES , 
work_array, 
num_j>arams , 
enc_array, 
anumEncBuf f , 
&bytesEnc) ; 


if  (result  1=  MSHN_OK)  { 

err_out  =  ms l_ob j ->mshn_sl_show_error  (result)  ; 
cout  <<  "mshn_sl_encrypt  "  <<  err_out  <<  endl; 
mshn_f ree ( e r r_out ,  NULL )  ; 

}else{ 
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//  copy  the  decrypted  buffers  to 
resource_id->the_length  =  enc_ 

resource_id->the_data  =  enc_ 

info->the_length  =  enc_ 

info~>the_data  =  enc^ 

s igna tur e  ~  > the_l engt h  =  enc_ 

signature- >the_dat a  =  enc_ 


the  output  buffers 
array [0] - >the_length; 
array [ 0 ] - >the_data ; 
array [1] ->the_length; 
array [1] ->the_data; 
array [ 2 ] - > t he_l engt h ; 
array [2] ->the  data; 


return  result; 

} 


//  Sign  the  data  to  be  transmitted  to  the  client 
int  do_sign_client  ( 

const  mshn_data  *results, 

mshn_dat  a  *  app__s  ignature ) 


{ 


int  result  =  MSHN_OK; 

//  Clear  the  output 
app_signature- >the_length  =  0 ; 
app_signature->the_data  =  NULL; 


//  Now  prepare  the  inputs  for  signing 

const  int  num__sign  =  1; 

mshn_data  work_array  [num_sign]  ; 

work_array  [0]  .the_length  =  results- >the_length; 

work_array  [0]  .  the_data  =  results ->the_data; 

result  =  msl_obj ->mshn_sl_sign  (MSHN_ALG_DES, 

MSHN_ALG_MD5 , 

& j ob_s e s s_key , 
NULL, 

work_array, 
num_sign, 
app_s ignature) ; 


if  (result  !=  MSHN_OK)  { 

err__out  =  msl_obj ->mshn_sl_show__error  (result)  ; 
cout  <<  "mshn_sl_sign  ”  <<  err_out  <<  endl; 
mshn_f  ree ( err_out ,  NULL ) ; 

} 


return  result; 

} 

//  Sign  the  data  to  be  transmitted  to  the  mshn  core  components 
int  do_sign_core  ( 

const  mshn_data  *resource_id. 
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const  mshn_data  *info, 
mshn^dat a  *  s ignatur e ) 

int  result  =  MSHN_OK; 

//  Clear  the  output 
signature ->the_length  =  0; 
signature ->the_data  =  NULL; 

//  Now  prepare  the  inputs  for  signing 
const  int  num_sign  =  3; 
mshn_data  work__array  [num_sign]  ; 
work_array  [0]  .  the_length  =  sizeof(int); 

work_array  [0]  .  the_data  =  (unsigned  char  *)  &request_id; 
work__array  [1]  .the_length  =  resource_id->the_length; 
work_array  [1]  .the_data  =  resource_id->the_data; 
work_array  [2]  .the_length  =  info->the_length; 
work_array  [2]  .the_data  =  info~>the_data; 

result  =  msl_obj->Tnshn__sl_sign(MSHN_ALG_DES, 

iyiSHN_ALG_MD5 , 

& j  ob_s  e  s  s_key , 

NULL, 

work_array, 
num^sign, 
signature) ; 

if  (result  1=  MSHN_OK)  { 

err_out  =  msl_obj ->mshn_sl_show_error (result) ; 
cout  <<  "mshn_sl_sign  "  «  err_out  <<  endl; 
nishn_free  (err_out,  NULL)  ; 

} 


return  result; 

} 


//  Verify/Decrypt  the  data  received  from  the  client 
int  verify_request ( 


int 

mshn_data 
mshn_data 
mshn_data 
mshn  data 


comm_sec, 

&j ob_info, 
&token_data, 
&user_cert , 
^signature) 


int  result  =  MSHN_OK; 

const  int  num_params  =  4; 

const  int  num_signedjparams  =  3; 


//  Prepare  the  inputs  for  encryption/decryption/signature 
//  verification 

mshn__data  work_array  [numjparams]  ; 
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work  array [0] .the_length  =  job_info.the_length; 
work  array [0] •the_data  =  job_info.the_data; 
work_array [ 1 ] . the_length  =  token_data . the_length. ; 
work_array [1] . the_data  =  token_data. the_data; 
work_array [2] .the_length  =  user_cert . the_length; 
work_array [2] .the_data  =  user_cert . the_data; 
work_array [3] .the_length  =  signature.the_length; 
work_array[3] .the_data  =  signature.the_data; 

mshn_data  *dec_array [num_params] ; 
for  (int  idx=0;  idx<num_params ;  idx++)  { 
dec_array  [idx]  =  (tnshn_data  *) 

tnshn_malloc (sizeof (mshn_data  *) ,  NULL) ; 

} 

//  Determine  how  to  handle  the  inputs 

//  what  decryption/signature  verification  is  necessary? 

comm_security  c_sec  =  (coram_security)  coinm_sec; 

if  ( (c_sec  ==  COMSEC_CON)  ] |  {c_sec  ==  COMSEC_BOTH) )  { 

//We  must  do  decryption 
int  numdecBuff,  bytesdec; 
numdecBuff  =  num_params; 

result  =  msl_obj->mshn_sl_decrypt  (&sym_key,  MSHN_ALG_DES , 
work_array,  num_params,  dec_array, 

SinumdecBuf  f ,  fibytesdec)  ; 
if  (result  !=  MSHN_0K)  { 

err_out  =  msl_obj ->mshn_sl_show_error (result) ; 
cout  <<  "mshn_sl_decrypt  ''  <<  err_out  <<  endl; 
mshn_free (err_out,  NULL) ; 

}else{ 

//  Prepare  for  the  next  steps,  by  putting  the  decrypted  buffers 
//  into  work_array 

for  (int  idx=0;  idx<num_params ;  idx++)  { 

work_array[idx]  .the_length  =  dec_array[idx]->the_length; 
work_array[idx]  .the_data  =  dec_array [idx] ->the_data; 

//  copy  decrypted  data  back  to  original 
j ob_inf o . the_length  =  work_array [0] .the_length; 
job_info.the_data  =  work_array [0] .the_data; 

token_data . the_length  =  work_array [1] .the_length; 
token_data . the_data  =  work_array[l] .the_data; 
user_cert . the_length  =  work_array [2] .the_length; 
user_cert . the_data  =  work_array [2] .the_data; 
signature. the_length  =  work_array [3] .the_length; 
signature . the_data  =  work_array [3] .the_data; 

} 

} 

if  (result  ==  MSHN_0K)  { 

if  (  (c_sec  ==  COMSEC_INT)  |  |  (c_sec  ==  COMSEC_BOTH)  )  { 

//We  must  do  signature  verification 


//  First  verify  the  certificate 
mshn_data  *certificate  =  &work_array [2] ; 

result  =  do_cert_check (msl_obj ,  resource_cert_check ,  certificate) 

//  Now  get  the  public  key 

mshn_data  ptiblic_key; 
if  (result  ==  MSHN_OK)  { 

result  =  msl_obj->mshn_sl_get_pTablic_key  { 
certificate,  &piiblic_key)  ; 

if  (result  !=  MSHN_OK)  { 

err_out  =  msl_obj->mshn_sl_show_error (result) ; 

cout  «  "mshn_sl_get_public_key  "  «  err_out  «  endl; 

mshn_free (err_out,  NULL) ; 

} 

} 

//  Now  do  signature  verification 
if  (result  ==  MSHN_OK)  { 
int  sig_valid  =  0; 

result  =  msl_obj ->mshn_sl_sig_verify  {MSHN__ALG_DSA, 
MSHN_ALG_SHA, 

&public_key, 
work_array, 
nuTn_signed_params , 

&work__array[3]  ,  //  this  one  is  the  signature 
&sig_valid) ; 

if  (result  !=  MSHN__OK)  { 

err_out  =  ms l_obj ->mshn_s l_show_err or  (result)  ; 
cout  <<  ”mshn_sl__sig_verify  "  <<  err___out  <<  endl; 
mshn_free(err_out,  NULL) ; 

}else{ 

if  (sig_valid  ==  MSHN^FALSE)  { 
result  =  MSHN_INVALID_SIG; 

err_out  =  msl_obj ->mshn_sl_show_error  (result)  ; 
cout  <<  "mshn_sl_sig_verify  ”  <<  err_out  <<  endl; 
mshn_free (err_out,  NULL) ; 

} 

} 

} 

} 

} 


if  (result  ==  MSHN_OK)  { 

//  If  we  get  here,  the  inputs  have  been  decrypted  and  verified 

//so  lets  do  something  with  them 

cout  <<  "Job  Request  accepted."  <<  endl; 

for  (int  idx=0;  idx<num_params ;  idx++)  { 
mshn  free (dec_array [idx] ,  NULL) ; 
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} 


return  result; 


int  handle_request 0 

{ 

int  result  =  MSHN  OK; 


//  Now  accept  connections  from  the  client/laptop 

mshn_com  *new_conn  ; 

result  =  mc__ob j  - >mc__accept  ( "Client "  , 

PORT_CLIENT_RESOURCE ,  &new_conn)  ; 
if  (result  ==  MSHN^COM^OK)  { 
result  MSHN  OK; 


#ifdef  DEBUG_MSHN_COM 

cout  «  "Accepted  connection"  <<  endl; 
new_conn-  >mc_di splay  ( cout )  ; 

#endif 

int  bytes_rec; 

mshn__data  job_info,  token_data,  user_cert,  signature; 

//  get  the  input  from  the  client/laptop 
result  =  recv_int___4_data  (new_conn, 

(int  *)  &resource_comm_sec, 
"Communications  Security  Option", 
&job_info, 

"Job  Info  ", 

&token__data , 

"Security  Token  ", 

&user_cert, 

"User  Certificate  " , 

&signature, 

"Client  Signature  ", 

bytes__rec)  ; 

if  (result  ==  MSHN__COM__OK)  { 
result  =  MSHN_OK; 

cout  <<  "Received  ("  <<  bytes_rec  <<  ")  bytes."  <<  endl 

//  Now  process  the  received  data 

result  =  verify_reguest (resource_comm_sec, 

job_info, 
token_data , 
user_cert, 
signature) ; 


if  (result  ==  MSHN_OK)  { 
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//  decrypt  job  session  key 

//  run  the  application 

//  send  output  to  client 
mshn_data  results; 
mshn_data  app_signature; 
mshn_token  the_token; 

mshn__data_to_token  ( &token_data ,  &the_token)  ; 

j  ob_sess_key .  the_length  = 

the_token .  j  ob__session_key .  the_length; 
j  ob_sess_key . the_data  = 

the_token .  j  ob___sess  ion_key .  the__data  ; 

request_id  -  the_token. request_id; 

//  fill  results  with  data  just  to  test  comms 

char  *result_data  =  "This  is  sample  job  results"; 
results .  the_length  =  strlen{result_data); 
results . the_data  =  result_data; 

if  (  (resource__comm_sec  ==  COMSEC_INT)  |  | 
(resource__comm_sec  ==  COMSEC_BOTH) )  { 

//  We  must  do  signature 

do_sign_client ( ^results ,  &app_sighature) ; 

} 

if  { (resource_comm_sec  ==  COMSEC_CON)  | | 
(resource__comm_sec  ==  COMSEC_BOTH) )  { 

//We  must  do  encryption 

do_encrypt_client {^results,  &app  signature); 

} 

int  bytes_sent; 
send_2_data (new_conn, 

^results, 

&app_signature , 
bytes__sent)  ; 

} 

}else{ 

cout  <<  "recv_int_4__data:  " 

<<  new_conn->mc_get_error (result)  <<  endl; 

} 

//  make  sure  the  connection  is  closed 
new_conn->mc_close  {)  ; 


"Results 

"Application  Signature", 


163 


} 


}else{ 

cout  <<  ”mc_accept : 


”  <<  mc_obj->Tnc_get_error  (result) 


//  make  sure  the  connection  is  closed 
mc_ob  j  -  >mc_close  { )  ; 
return  result; 


<< 


//  send  job  status  info  to  the  resource  status  server 
//  if  necessary,  sign  and  encrypt  data  first 
int  update_rss{) 

{ 

int  result  =  MSHN_OK; 
mshn__data  status__info; 

cout  <<  "Sending  status  info  to  resource  status  server...” 
//  Set  up  connection  to  the  RSS 

result  =  mc__obj ->mc_connect  (IP_RSS,  PORT_RESOURCE_RSS)  ; 
if  (result  ==  MSHN_COM_OK)  { 
int  bytes_sent; 

cout  <<  "Connection  made”  <<  endl; 
me  ob j  -  >mc__di splay  ( cout )  ; 

/ /  create  bogus  status  info 

char  *stat_data  =  "This  is  sample  job  status  data"; 
status_info.the_length  =  strlen (stat_data)  ; 
status_info.  the_data  =  stat__data; 

//  sign  data  before  sending 
mshn_data  signature; 
signature .  the_dat  a  =  NULL; 
signature.the_length  =  0; 

mshn_data  t  empire  sour  ce_id; 

temp  resource^id . the__length  =  resource__id. the__length; 

temp  resource__id- the _ data  =  (unsigned  char  *) 

~  mshn_malloc  ( resour ce_id.  the_l eng th,  NULL)  ; 
memepy  ( t  empires  our  ce_id .  the__data ,  resource_id .  the^data , 

resource_id.  the__length)  ; 

if  ( (resource_comm_sec  ==  COMSEC_INT)  | | 

(resource  comm__sec  ==  COMSEC _ ^BOTH)  )  { 

//We  must  do  signature 

do_sign_core ( &temp_resource_id, 

&status_info, 

^signature) ; 

} 


endl  ; 


<<  endl; 
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if  (  (resource__comm_sec  ==  COMSEC__CON)  (  | 

(resource_comm_sec  ==  COMSEC_BOTH) )  { 

//  We  must  do  encryption 

do_encrypt_core  ( &temp_resource_id , 

&status_info, 

^signature) ; 

} 

//  send  job  status  info  to  the  resource  status  server 
result  =  send__int_3_data  (mc_obj  , 

request_id, 

"Request  ID  " , 

&t emp_resour ce_id , 

"Resource  ID  " , 

&status_info, 

"Status  Info  ", 

&signature, 

"Resource  Signature", 
bytes_sent)  ; 

if  (result  ==  MSHN_COM_OK)  { 
result  =  MSHN_OK; 

cout  <<  "Sent  ("  <<  bytes_sent  <<  ")  bytes."  <<  endl; 

}else{ 

cout  <<  "send__int^3_data :  "  <<  mc_obj ->mc_get__err or  (result) 
<<  endl; 

} 

}else{ 

cout  <<  "mc^connect :  "  «  mc_ob j  - >mc_get  error  (result)  <<  endl; 

} 

//  make  sure  the  connection  is  closed 
mc_ob j - >mc_close ( ) ; 

return  result; 

} 

//  send  job  requirements  info  to  the  resource  requirements  database 
//  if  necessary,  sign  and  encrypt  data  first 
int  update_rrd() 

{ 

int  result  =  MSHN_OK; 
mshn_data  requirements_info; 

cout  <<  "Sending  requirements  info  to  resource  requirements 
database. . . "  <<  endl; 

//  Set  up  connection  to  the  RRD 
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result  =  tnc_obj ->mc_connect  (IP_RRD,  PORT_RESOIJRCE_RRD)  ; 
if  (result  ==  MSHN_COM_OK)  { 
int  bytes_sent; 

cout  <<  "Connection  made"  <<  endl; 
me  ob j  -  >mc_display  ( cout )  ; 

//  create  bogus  requirements  info 

char  *req_data  =  "This  is  sample  job  requirements  data" 

requirements _ info. the _ length  =  strlen {req_data) , 

requirements_info. the_data  =  req_data; 


//  sign  data  before  sending 
mshn_data  signature; 
signature . the_data  =  NULL; 
signature . the_length  =  0; 

mshn_data  ten^_resource_id; 

temp_resource_id.the_length  =  resource_id. the_length; 
temp  resource_id . the_data  =  (unsigned  char  *) 

~  mshn_malloc (resource_id. the_length,  NULL) ; 
memepy {temp_resource_id. the_data,  resource_id . the_data , 
resource_id.  the^length)  ; 

if  ( (resource^comm^sec  ==  COMSEC^INT)  | | 
(resou3rce__coinm__sec  ==  COMSEC_BOTH)  )  { 

//We  must  do  signature 

do_sign_core  {&temp_resource_id, 

&:requirements__inf  o , 
ficsignature)  ; 

} 

if  (  (resource_comm__sec  ==  C0MSEC__C0N)  |  | 
(resource_comm_sec  ==  COMSEC__BOTH)  )  { 

//We  must  do  encryption 
do__encrypt_core  ( &temp_resource__id, 

&requirement  s_inf  o , 

&signature) ; 

} 

//  send  job  status  info  to  the  resource  status  server 

result  =  send^^int _ 3 _ data  (me _ obj  / 

request_id, 

"Request  ID  " / 

&temp_resource_id, 

"Resource  ID  " , 

&requirements_inf o , 
"Requirements  Info  ", 
^signature, 

"Resource  Signature", 
bytes_sent)  ; 
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if  (result  ==  MSHN_COM_OK)  { 
result  =  iyiSHN__OK; 

cout  <<  "Sent  ("  <<  bytes_sent  <<  ”)  bytes.”  <<  endl; 

}else{ 

cout  <<  "send_int_3_data :  "  <<  mc_obj ->mc__get_error  (result) 
<<  endl; 

} 

}else{ 

cout  «  "rac_connect:  "  «  mc_obj ->mc_get_error  (result)  «  endl 

} 

//  make  sure  the  connection  is  closed 
mc_obj  ->mc_close  ( )  ; 

return  result; 

} 

int  main(int,  char  *  []  )  { 

mc_obj  =  new  mshn_com()  ; 
msl_obj  =  new  mshn_sl(); 

resource_cert_check  =  CERT__NONE; 

int  result  =  msl_obj ->mshn_sl_init  ( "dummy  file")  ; 

if  (result  1=  MSHN^OK)  { 

err_out  =  msl_obj ->mshn_sl_show_error  (result)  ; 
cout  «  "mshn_sl__init  "  <<  err_out  «  endl; 
mshn_free  (err_out,  NULL)  ; 

}else{ 

//  Get  the  shared  symmetric  key  for  encryption/decryption 
read__data  (&sym_key,  key_fname,  BUFF_SIZE); 

do^register  (msl_obj , 

resource_id, 
resource_cert , 

&passphrase, 
resource_comm_sec , 
resource_cert_check) ; 

/ /  now  receive  and  handle  incoming  scheduling  requests 
while  (result  ==  MSHN_OK)  { 
result  =  handle_request 0 ; 
update_rss  ()  ; 
update_rrd{)  ; 

} 

} 

return  0; 

} 
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F 


MSHN  COM.H 


**********■*’■*'******************'*’***  **************** 

/ /***************************************************** 

//  File:  mshn_com.h 
//  Name:  David  Shifflett 
// 

//  Project:  MSHN 

// 

//  Operating  Environment:  Windows  95 /Windows  NT 
//  Compiler:  Borland  C++  for  Windows 
//  Date:  18  MAY  98 

//  Description:  TCP/IP  socket  communication  services  for  MSHN  components 
! y***************************************************** 

#ifndef  _MSHN_COM_H 
#define  _MSHN_COM_H 

#include  <winsock.h> 
iinclude  <iostream.h> 

//  MSHN  CommTxnications  layer  class 


//  State  definitions 

#define  MSHN_COM_OK  -2001 
#define  MSHN_COM_CONNECTING  -2002 
tdefine  MSHN_COM_CONNECTED  -2003 
#define  MSHN_C0M_B0UND  -2004 
#define  MSHN_COM_ACCEPTING  -2005 
#define  MSHN_COM_DNINITIALIZED  -2006 

//  State  definitions 

#define  MSHN_DNINITIAI.IZED_STATE  20001 
#define  MSHN_INITIALIZED_STATE  20002 
#define  MSHN_BOUND_STATE  20003 
#define  MSHN_ACCEPTING_STATE  20004 
#define  MSHN_CONNECTING_STATE  20005 
#define  MSHN_CONNECTED_STATE  20006 


class  mshn_com  { 

//  Class  data 
protected: 

SOCKET  our_socket ; 

int  our_port ; 

char  *  our_addr ; 

int  our_state; 

int  socket_state ; 
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public: 

mshn_coTn  { )  ; 


protected: 

//  This  constructor 
Tnshn_com  { 

SOCKET 

int 


is  only  to  be  used  for 

the_socket , 
the_state)  ; 


*  accepted  connections* 


pxiblic: 

virtual  -mshn_com  ( )  ; 

//  This  function  will  create  a  socket  and  wait  for  an  incoming 
//  connection  on  the  specified  port. 

//  The  accepted  connection  will  be  available  for  sending/receiving 
//on  the  returned  'mshn_com'  object. 

//  The  *mshn_com*  object  that  does  the  accept  should  not  be  used 
//  for  sending/receiving,  it  should  be  used  only  for  accepting 
//  more  connections, 
int  mc_accept  { 

const  char  *label, 
int  port , 

mshn_com  **new_conn) ; 

//  This  function  will  create  a  socket  and  wait  until  it  can  connect 
//  with  a  socket  at  the  specified  address,  on  the  specified  port. 

//  After  successful  connection  the  'rashn_com*  object  can  be  used 
//  for  sending/receiving, 
int  mc_connect  ( 

const  char  *addr, 
int  port) ; 

//  This  function  will  send  data  via  the  connected  socket. 

//  The  number  of  bytes  sent  will  be  returned, 
int  mc_send  ( 

const  char  *data, 

int  len, 

int  Scbytes_sent)  ; 

//  This  function  will  receive  data  via  the  connected  socket. 

//  The  *len*  parameter  should  specify  the  size  of  the  *data*  buffer. 
//  The  number  of  bytes  recevied  will  be  returned, 
int  mc_recv  ( 

char  *data, 

int  len, 

int  &bytes_received) ; 

//  This  function  will  close  the  socket, 
int  mc_close  {)  ; 

//  This  function  will  display  the  current  object. 
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^stream)  ; 


void  mshn_com:  :mc_display  ( 

ostream 

//  This  fiinction  will  return  a  description  of  the  error, 
char  *mshn_coTn:  :mc__get_error  ( 

int  err_num) ; 

protected: 

//  This  function  is  used  to  set  the  class  to  a  clean,  uninitialized 
state 

void  mc_cleanup()  ; 

}; 

#endif 


G.  MSHN_COM.CPP 

//********★******************************************** 

/ /***************************************************** 

//  File :  mshn_com . cpp 
//  Name:  David  Shifflett 
// 

//  Project:  MSHN 

// 

//  Operating  Environment:  Windows  95/Windows  NT 
//  Compiler:  Borland  C++  for  Windows 
//  Date:  18  MAY  98 
// 

//  Description:  TCP/IP  socket  communication  services  for  MSHN  components 

j /***************************************************** 

#include  <stdio.h> 

#include  ,<dos.h>  //  for  sleep 

#include  *'mshn__com .  h” 

#include  ” showutil . h” 

//  Default  WinSock  Version  (1.1) 

#define  WS_VERSION_REQD  0x0101 

WSADATA  stWSAData;  //  WinSock  DLL  Info 

mshn_com ;  :  mshn_com  ( ) 

{ 

our_socket  =  INVALID_SOCKET ; 

our_port  =  0 ; 

our_addr  =  NULL; 

our_state  =  MSHN_UNINITIALIZED_STATE; 

SOcket_state  =  MSHN_UNINITIALIZED_STATE; 

} 
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mshn_com:  :mshn_com( 

SOCKET  the_socket , 

int  the_state) 

{ 

our_socket  =  the_socket ; 

our_port  =  0; 

our__addr  =  NULL  ; 

our_state  =  MSHN_INITIALIZED_STATE; 

socke testate  =  the_state; 

} 

mshn_coni :  :  -mshn_com  ( ) 

{ 

mc_cleanup ( ) ; 

} 

/ /  This  function  will  create  a  socket  and  wait  for  an  incoming 
//  connection  on  the  specified  port. 

//  The  accepted  connection  will  be  available  for  sending/receiving 
//  on  the  returned  'mshn_com*  object. 

//  The  'mshn_com*  object  that  does  the  accept  should  not  be  used 
//  for  sending/receiving,  it  should  be  used  only  for  accepting 
//  more  connections, 
int  mshn_com :  :  mc_accept  ( 

const  char  *label, 
int  port , 

mshn_com  **new_conn) 

{ 

int  result  =  MSHN_COM_OK; 

*new_conn  =  NULL; 

#if  defined  (DEBUG_MSHN_C0M1) 

cout  <<  "Accepting  connections  on  port:  "  <<  port  <<  endl; 

#endif 

/ /  Make  sure  we  are  in  the  right  state 
if  (our_socket  !=  INVALID_SOCKET)  { 
switch  (socket_state)  { 

case  MSHN_BOXnJD_STATE :  { 

result  =  MSHN_COM_BOUND; 

break; 

} 

case  MSHN_ACCEPTING_STATE :  { 

result  =  MSHN_COM_ACCEPTING; 

break ; 

} 

case  MSHN_C0NNECT1NG_STATE:  { 

result  =  MSHN_COM_CONNECTING; 

break; 

} 

case  MSHN_CONNECTED_STATE :  { 
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result  =  MSHN_COM_CONNECTED; 

break ; 

} 

} 

mc_cleanup  ( )  ; 


//  Make  sure  it  is  ok  to  proceed,  and  that  we  aren*t  already  accepting 
if  (result  ==  MSHN_COM_OK)  { 

if  (our_State  ==  MSHN_UNINITIALIZED_STATE)  { 

//  Initialize  Windows  Sockets  DLL 

result  =  WSAStartup(WS_VERSION_REQD,  &stWSAData)  ; 

//  WSAStartupO  returns  error  value  if  failed 
//  (0  on  success) 

if  (result  ==  0)  result  =  MSHN_COM_OK; 
if  (result  ==  MSHN_C0M_0K)  { 


#if  defined  (DEBUG_MSHN__COM) 

cout  <<  "wVersion  "  <<  stWSAData. wVersion  <<  endl; 

cout  <<  "wHighVersion  "  <<  stWSAData. wHighVers ion  <<  endl; 

cout  <<  "szDescription  "  <<  stWSAData. szDescription  <<  endl; 

cout  <<  "szSystemStatus  "  <<  stWSAData. sz Systems t a tus  <<  endl; 

cout  <<  "iMaxSockets  "  <<  stWSAData . iMaxSockets  <<  endl; 

cout  <<  "iMaxUdpDg  "  <<  stWSAData . iMaxUdpDg  <<  endl; 

cout  <<  "IpVendorInfo  *'  <<  stWSAData. IpVendor Info  <<  endl; 

#endif 


our_state  =  MSHN_INITIALIZED_STATE; 

} 

} 

} 


if  (result  ==  MSHN_COM_OK)  { 

//  Get  a  TCP  socket 
#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "About  to  create  a  socket"  <<  endl; 

#endif 

our_socket  =  socket  (AF_INET,  SOCK_STREAM,  IPPROTO_TCP) ; 
if  (our_socket  ==  INVALID_SOCKET)  { 
result  =  WSAGetLastError 0 ; 
mc_cleanup ( ) ; 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "Invalid  socket:  "  <<  result  <<  endl; 

#endif 

}else{ 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "socket  ("  <<  our_socket  <<  ")"  <<  endl; 

#endif 

//  save  the  inputs  in  our  class 
our_port  =  port; 

SOCket_state  =  MSHN_ACCEPTING_STATE ; 


//  Now  bind  the  socket 
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struct  sockaddr  the__addr; 

int  namelen  =  sizeof  (the__addr)  ; 

u_short  teTnp_port  =  htons  (ourj)ort)  ; 

memset  { the_addr .  sa__data,  0 ,  sizeof  ( the_addr .  sa_data) )  ; 
memcpy  ( the_addr .  sa_da t a ,  &temp__port ,  s  i  zeof  { t emp_j>or t ) )  ; 
the_addr  .sa_family  =  AF_INET; 

result  =  bind(our__socket ,  &the_addr,  namelen)  ; 
if  (result  ==  0)  result  =  MSHN_C0M_0K; 
if  (result  !=  MSHN_C0M_0K)  { 
result  =  WSAGetLastError  ( )  ; 
mc_cleanup ( ) ; 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "bind  returns:  "  <<  result  <<  endl; 

#endif 

}else{ 

socket_State  =  MSHN_BOUND_STATE; 

} 

} 

} 

//  Make  sure  it  is  ok  to  proceed 
if  (result  ==  MSHN_COM_OK)  { 

//  make  our  socket  non-blocking 
U_long  lOnOff  =  TRUE; 

result  =  ioctlsocket (our_socket,  FIONBIO,  alOnOff ) ; 
if  (result  ==  0)  result  =  MSHN_COM__OK; 
if  (result  !=  MSHN_COM_OK)  { 
result  -  WSAGetLastError 0 ; 
mc_cleanup ( ) ; 

#if  defined  (DEBUG_MSHN__COM) 

cout  <<  "ioctlsocket  returns:  "  <<  result  <<  endl; 

#endif 

} 

} 

//  Make  sure  it  is  ok  to  proceed  with  the  accepting 
if  (result  ==  MSHN_COM_OK)  { 

//  Now  its  time  to  listen  for  connections 
result  =  listen (our_socket,  0) ; 
if  (result  ==  0)  result  =  MSHN_COM_OK; 
if  (result  !=  MSHN_COM_OK)  { 
result  =  WSAGetLastError ( ) ; 
mc_cleanup ( ) ; 

#if  defined  (DEBUG_MSHN_COM) 

cout  «  "listen  returns:  "  «  result  «  endl; 

#endif 

}else{ 

SOCKET  child__socket  ; 
struct  sockaddr  child__addr; 
int  child_len  =  sizeof (child_addr) ; 
socket  state  =  MSHN  ACCEPTING_STATE ; 
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//  Display  the  label  to  tell  the  user  what  is  happening 
cout  <<  endl  <<  "Accepting  connections  from  "  <<  label 
<<  "  on  port  "  <<  port  «  endl; 


#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "About  to  accept"  <<  endl; 

#endif 

do  { 

child_socket  =  accept (our_socket,  &child_addr,  &child_len) ; 
if  {child_socket  ==  INVALID_SOCKET)  { 
result  =  WSAGetLastError ( ) ; 

if  (result  ==  WSAEWOULDBLOCK)  { 


#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "sleeping"  <<  endl; 

#endif 

sleep (2) ; 

}else( 

#if  defined  (DEBUG_MSHN_COM) 
cout  <<  result  <<  endl; 


#endif 


// 

//  Need  to  do  something  about  other  errors  here 

// 

mc_cleanup ( ) ; 


} 

}else{ 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "Accept  returns  ("  <<  child_socket  «  ")"  <<  endl; 


#endif 


} 


} 


result  =  MSHN_COM_OK; 

*new_conn  =  new  mshn_com(child_socket, 
MSHN  CONNECTED  STATE) ; 


} 

}  while  (result  ==  WSAEWOULDBLOCK); 


return  result; 

} 

//  This  function  will  create  a  socket  and  wait  lantil  it  can  coimect 
//  with  a  socket  at  the  specified  address,  on  the  specified  port. 

//  After  successful  connection  the  'mshn_com'  object  can  be  used 
//  for  sending/receiving, 
int  mshn_com:  :mc_connect  ( 

const  char  *addr, 
int  port) 

{ 

int  result  =  MSHN_COM__OK; 
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#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "Attempting  a  connection  to  {"  <<  addr  <<  ")  on  port  (" 

<<  port  <<  <<  endl; 

#endif 

//  Make  sure  we  are  in  the  right  state 
if  {{our_socket  !=  INVALID_SOCKET)  || 

(socket_state  i=  MSHN_UNINITIALIZED_STATE)  )  { 

switch  (socke testate)  { 

case  MSHN_BOUND_STATE :  { 

result  =  MSHN_COM_BOUND; 

break; 

} 

case  iy!SHN_ACCEPTING_STATE :  { 

result  =  MSHN_COM_ACCEPTING; 

break ; 

} 

case  MSHN_CONNECTING_STATE :  { 

result  =  MSHN_COM_CONNECTING; 

break ; 

} 

case  MSHN_CONNECTED_STATE :  { 

result  =  MSHN_COM_CONNECTED; 

break ; 

} 

} 

mc_cleanup ( ) ; 

} 

//  Make  sure  it  is  ok  to  proceed 
if  (result  ==  MSHN_COM_OK)  { 

if  (our_State  ==  MSHN_UNINITIALIZED_S.TATE)  { 

//  Initialize  Windows  Sockets  DLL 

result  =  WSAStartup(WS_VERSION_REQD,  astWSAData)  ; 

//  WSAStartupO  returns  error  value  if  failed  (0  on  success) 
if  (result  ==  0)  result  =  MSHN_COM_OK; 
if  (result  ==  MSHN_COM_OK)  { 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "wVersion  "  <<  stWSAData. wVersion  <<  endl; 

cout  <<  "wHighVersion  "  <<  stWSAData. wHighVers ion  <<  endl; 

cout  <<  "szDescription  "  <<  stWSAData. szDescription  <<  endl; 

cout  <<  "szSystemStatus  "  <<  stWSAData. szSystemStatus  <<  endl; 

cout  <<  "iMaxSockets  "  <<  stWSAData. iMaxSockets  <<  endl; 

cout  <<  "iMaxUdpDg  "  <<  stWSAData . iMaxUdpDg  <<  endl; 

cout  <<  "IpVendorInfo  "  <<  stWSAData . IpVendor Inf o  <<  endl; 

#endif 

OUr_state  =  MSHN_INITIALIZED_STATE; 

} 

} 

} 
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//  Make  sure  it  is  ok  to  proceed 
if  (result  ==  MSHN_COM_OK)  { 

//  Get  a  TCP  socket 

our_socket  =  socket  (AF_INET,  SOCK_STREAM,  0) ; 
if  (our_socket  ==  INVALID_SOCKET)  { 
result  =  WSAGetLastError ( ) ; 
mc_cleanup { ) ; 

#if  defined  (DEBUG_MSHN_COM) 

cout  «  "Invalid  socket:  "  <<  result  <<  endl; 

#endif 

}else{ 

Socket_State  =  MSHN_CONNECTING_STATE ; 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "socket  ("  <<  our_socket  <<  ")"  «  endl; 

#endif 

} 

} 

//  Make  sure  it  is  ok  to  proceed 
if  (result  ==  MSHN__COM_OK)  { 

//  save  the  inputs  in  our  class 
our_port  =  port; 
our_addr  =  strdup (addr) ; 

struct  sockaddr__in  the_addr_in; 
memset  (&the_addr_in,  0,  sizeof  {the_addr_in) )  ; 
the_addr_in.  sin_port  =  htons(our_port); 
the_addr_in.sin_family  =  AF_INET; 

the_addr__in .  sin_addr .  s_addr  =  inet_addr  (our_addr )  ; 

int  the_len  =  sizeof  (the_addr_in)  ; 

//  Now  its  time  to  make  a  connection 
#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "About  to  connect"  <<  endl; 

#endif 

result  =  connect (our_socket,  (struct  sockaddr  *) 
athe_addr_in,  the_len) ; 
if  (result  ==  0)  result  =  MSHN_C0M__0K; 
if  (result  !=  MSHN_COM_OK)  { 
result  =  WSAGetLastError 0 ; 
mc_cleanup() ; 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "connect  returns;  "  <<  result  <<  endl; 

#endif 

}else{ 

socke  testate  =  MSHN_CONNECTED_STATE; 

} 

} 

return  result; 

} 
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//  This  function  will  send  data  via  the  connected  socket. 
//  The  number  of  bytes  sent  will  be  returned, 
int  mshn_com:  :mc_send  ( 

const  char  *data, 

int  len, 

int  &bytes_sent) 

{ 

int  result  =  MSHN_COM_OK; 
bytes__sent  =  0; 

//  Make  sure  we  are  in  the  right  state 
if  {socket_state  !=  MSHN_CONNECTED_STATE)  { 
switch  (socket_state)  { 

case  MSHN_BOIMD_STATE :  { 

result  =  MSHN_COM_BOUND; 

break ; 

} 

case  MSHN_ACCEPTING_STATE :  { 

result  =  MSHN_COM_ACCEPTING; 

break ; 

} 

case  MSHN_CONNECTING_STATE :  { 

result  =  MSHN_COM_CONNECTlNG; 

break; 

} 

case  MSHN_UNINITIALIZED_STATE :  { 

result  =  MSHN_COM_UNINITIALIZED; 

break ; 

} 

} 

mc_cleanup  0  ; 

} 

//  Make  sure  it  is  ok  to  proceed 
if  (result  ==  MSHN_C0M_0K)  { 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "Sending  ("  <<  len  <<  ")  bytes."  <<  endl; 

#endif 

result  =  send(our_socket,  data,  len,  0) ; 
if  (result  <  0)  { 

result  =  WSAGetLastError { ) ; 
mc_cleanup { ) ; 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "send  returns:  "  <<  result  <<  endl; 

#endif 

}else{ 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "Sent  ("  <<  result  <<  ")  bytes."  <<  endl; 

#endif 

bytes_sent  =  result; 
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result  =  MSHN_COM_OK; 

} 

} 

return  result; 

} 

//  This  function  will  receive  data  via  the  connected  socket. 

//  The  *len*  parameter  should  specify  the  size  of  the  *data*  buffer 
//  The  number  of  bytes  recevied  will  be  returned, 
int  mshn_com:  :mc_recv  ( 

char  *data, 

int  len, 

int  &bytes_received) 

{ 

int  result  =  MSHN_COM_OK; 
bytes__received  =  0; 

//  Make  sure  we  are  in  the  right  state 
if  (socket_state  !=  MSHN_CONNECTED_STATE)  { 
switch  (socket_state)  { 

case  MSHN_BODND_STATE :  { 

result  =  MSHN_C0M_B0UOT); 

break ; 

} 

case  MSHN_ACCEPTING_STATE :  { 

result  =  MSHN_COM_ACCEPTING; 

break ; 

} 

case  MSHN_CONNECTING_STATE :  { , 

result  =  MSHN_COM_CONNECTING; 

break ; 

} 

case  MSHN_t]NINITIALIZED_STATE:  { 

result  =  MSHN_COM_DNINITIALIZED; 

break ; 

} 

} 

mc_cleanup  ( )  ; 

} 

//  Make  sure  it  is  ok  to  proceed 
if  (result  ==  MSHN_COM_OK)  { 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "Waiting  to  receive  ("  <<  len  <<  ")  bytes."  «  endl; 

#endif 

//  Now  read  some  data  from  the  other  side 
do  { 

result  =  recv (our_socket ,  data,  len,  0)  ; 
if  (result  <  0)  { 

result  =  WSAGetLastError ( ) ; 
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#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "recv  error:  "  <<  result; 

if  {result  ==  WSAEWOULDBLOCK)  cout  «  ",  WSAEWOtJLDBLOCK" ; 
cout  <<  ",  sleeping"  <<  endl; 

#endif 

sleep (1) ; 

}else{ 

#if  defined  (DEBUG_MSHN_COM) 

show_jpointer ( (uintS  *)data,  result,  "Received  bytes") ; 

#endif 

bytes_received  =  result; 
result  =  MSHN_COM_OK; 

} 

}  while  (result  ==  WSAEWOULDBLOCK) ; 

} 

return  result; 

} 

//  This  function  will  close  the  socket, 
int  tnshn_com:  rmc^close  () 

{ 

int  result  =  MSHN_COM_OK; 
if  (our_socket  !=  INVALID_SOCKET)  { 
closesocket (our_socket) ; 

#if  defined  (DEBUG_MSHN_COM) 

cout  <<  "Closed  socket  ("  <<  our_socket  «  ")."  <<  endl; 
#endif 
} 

our_socket  =  INVALID_SOCKET ; 

SOCket_State  =  MSHN_UNINITIALIZED_STATE; 
return  result; 

} 

//  This  f inaction  will  display  the  current  object, 
void  mshn_com;  :mc_display  ( 

ostream  &stream) 

{ 

char  *state_char; 

if  (our^socket  ==  INVALID_SOCKET)  { 

stream  <<  "We  don't  have  a  socket."  <<  endl; 

}else{ 

stream  <<  "Our  socket  is  ("  <<  our_socket  <<  ")."  <<  endl; 

} 

stream  <<  "Our  port  is  ("  <<  our_port  <<  ")."  «  endl; 
if  (our_addr  ==  NULL)  { 

stream  <<  "We  don't  have  an  address."  <<  endl; 

}else{ 

stream  <<  "Our  address  is  ("  <<  our  addr  <<  ")."  <<  endl; 
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switch  (socke testate)  { 

case  MSHN__UNINITIALIZED_STATE:  { 
state_char  =  "Uninitialized” ; 
break ; 

} 

case  MSHN_BOUND_STATE :  { 
state_char  =  "Boimd"  ; 
break ; 

} 

case  MSHN_ACCEPTING_STATE :  { 
state_char  =  "Accepting"; 
break ; 

} 

case  MSHN_CONNECTING_STATE :  { 
state_char  =  "Connecting"; 
break ; 

} 

case  MSHN_CONNECTED_STATE :  { 
state_char  =  "Connected"; 
break ; 

} 

} 

Stream  <<  "Our  current  state  is  ("  <<  state_char  << 

<<  endl  <<  endl; 

} 

//  This  function  will  return  the  MSHN_COM  error  condition. 

char  *mshn_com:  :mc__get_error  ( 

int  err_num) 

{ 

char  ^result  =  NULL; 
switch  (err_num)  { 

case  MSHN_COM_OK:  { 

result  =  strdupC'No  error")  ; 
break; 

} 

case  MSHN_COM_CONNECTING:  { 

result  =  strdupC'MSHN  COM  is  connecting, 

this  is  an  invalid  state  for  the  desired  operation."); 

break ; 

} 

case  MSHN_COM_CONNECTED :  { 

result  =  strdupC'MSHN  COM  is  connected,  this  is  an 
invalid  state  for  the  desired  operation."); 
break; 

} 

case  MSHN_COM_BOUND :  { 

result  =  strdupC'MSHN  COM  is  bound,  this  is  an 
invalid  state  for  the  desired  operation . " ) ; 
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break ; 


} 

case  MSHN_COM_ACCEPTING :  { 

result  =  strdup ( "MSHN  COM  is  accepting,  this  is  an 
invalid  state  for  the  desired  operation."); 
break ; 

} 

case  MSHN_COM_ONINITIALIZED:  { 

result  =  strdup ("MSHN  COM  is  uninitialized,  this  is  an 
invalid  state  for  the  desired  operation."); 
break ; 

} 

default :  { 

result  =  (char  *)malloc(80); 

sprint f  (result ,  "Unknown  error  (%d)",  err__num)  ; 
break; 

} 

} 

return  result; 

} 

//  This  function  is  used  to  set  the  class  to  a  clean, 

//  uninitialized  state 
void  mshn^cotn :  :  mc_cleanup  ( ) 

{ 

//  close  the  socket 
Tnc_close  0  ; 

if  (our__addr  NULL)  { 
delete (our_addr) ; 

} 

if  (our_State  ==  MSHN_INITIALIZED_STATE)  { 

/ /  say  good-by  to  WinSock  DLL 
WSACleanup ( ) ; 

OUr_state  =  MSHN_DNINITIALIZED_STATE; 

} 

} 


H.  COMMUTIL.H 

I /***************************************★************* 
//  File:  comrautil.h 

//  Name:  David  Shifflett  &  Roger  Wright 

// 

//  Project:  MSHN 

// 

//  Operating  Environment:  Windows  95 /Windows  NT 
//  Compiler:  Borland  C++  for  Windows 
//  Date:  18  MAY  98 
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// 

//  Description:  MSHN  cotranunication  utility  functions 
//*****************★*********************************** 

iifndef  _COiyiMUTIL_H 
#define  _COMMUTIL_H 

#include  ”mshn_types , h" 

#include  ”mshn_com . h " 

#include  ”mshn_sl . h” 

#include  *'mshn_def s .  h" 

//  This  function  will  read  from  the  specified  file  into  the 
//  specified  mshn_data  type 
int  read_data { 

mshn_data  *new__data , 

const  char  *filename, 

int  buff_size)  ; 

//  This  function  will  write  the  specified  data  to  the  specified  file 
int  write_data  ( 

const  mshn_data  *new_data, 

const  char  *filename) ;  . 

//  This  fiinction  will  write  the  specified  data  to  the  REQUEST  DB 
int  add_to_req_db  ( 

const  char  *the_fname, 
const  mshn__data  *user_id, 
int  comm_sec, 
int  reguest_id, 
const  mshn_data  *sess_key)  ; 

//  This  function  will  find  and  return  the  REQUEST  DB  info 
//  for  the  specified  request_id 
int  get_f rom^req^db ( 

const  char  *the_fname, 
int  desired_req_id, 

mshn_data  *user_id, 
int  &comm_sec , 

mshn_data  *sess_key)  ; 

//  This  function  will  bundle  up  two  mshn_data  types  and  send 
//  them  out  the  supplied  connection, 
int  send__2_data  ( 

mshn_com  *mc__ob  j , 

const  mshn__data  *dtl, 

const  char  *dtl_label, 

const  mshn__data  *dt2 , 

const  char  *dt2__label, 

int  5JDytes_sent)  ; 
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//  This  fimction  will  bundle  up  three  mshn_data  types  and  send 
//  them  out  the  supplied  connection, 
int  send_3_data  ( 

mshn_com  *mc_obj , 

const  mshn__data  *dtl, 

const  char  *dtl_label, 

const  mshn_data  *dt2 , 

const  char  *dt2_label, 

const  mshn_data  *dt3, 

const  char  *dt3_label, 

int  5i)ytes_sent)  ; 

//  This  function  will  receive  data  from  the  supplied  connection  and 
//  break  it  into  two  mshn_data  types, 
int  recv_2__data  ( 

mshn__com  *mc_ob  j , 

mshn_data  *dtl, 

char  *dtl_label, 

mshn_data  *dt2 , 

char  *dt2__label, 

int  &bytes_rec)  ; 

//  This  function  will  receive  data  from  the  supplied  connection  and 

//  break  it  into  three  mshn_data  types, 
int  recv_3_data  ( 

mshn_com  *mc_ob  j , 

mshn__data  *dtl, 

char  *dtl_label, 

mshn_da t a  *  dt  2 , 

char  *dt2_label, 

mshn_data  *dt3, 

char  *dt3_label, 

int  &bytes_rec)  ; 

//  This  fimction  will  bimdle  up  an  integer  and  3  mshn_data  types  and 
//  send  them  out  the  supplied  connection, 
int  send__int_3_data  ( 

mshn_com  *mc_obj , 

int  itl, 

const  char  *itl__label, 

const  mshn_data  *dtl, 

const  char  *dtl_label, 

const  mshn_data  *dt2, 

const  char  *dt2_label, 

const  mshn__data  *dt3, 

const  char  *dt3_label, 

int  &bytes_sent)  ; 

//  This  function  will  receive  data  from  the  supplied  connection  and 
//  break  it  into  an  integer  and  3  mshn_data  types. 
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int  recv_int_3__data  ( 

Tnshn_com  *mc_ob  j , 

int  *itl, 

char  *itl_label, 

mshn^data  *dtl, 

char  *dtl__label, 

mshn_data  *dt2 , 

char  *dt2_label , 

mshn_data  *dt3 , 

char  *dt3_label, 

int  &bytes_rec)  ; 

//  This  function  will  bundle  up  an  integer  and  4  mshn_data  types  and 
//  send  them  out  the  supplied  connection, 
int  s  end_int_4_da  t  a  ( 

mshn_com  *mc_ob  j , 

int  itl, 

const  char  *itl__label/ 

const  mshn_data  *dtl, 

const  char  *dtl_label, 

const  mshn_data  *dt2, 

const  char  *dt2_label/ 

const  mshn_data  *dt3 , 

const  char  *dt3_label, 

const  mshn_data  *dt4 , 

const  char  *dt4__label, 

int  &bytes_sent)  ; 


//  This  fiinction  will  receive  data  from  the  supplied  connection  and 
//  break  it  into  an  integer  and  4  mshn_data  types, 
int  recv_int_4_data  ( 

mshn_com  *mc_ob  j , 

int  *itl, 

char  *itl_label, 

mshn_data  *dtl, 

char  *dtl_label, 


mshn_data 

char 

mshn__data 

char 

mshn_data 

char 

int 


*dt2, 

*dt2_label, 

*dt3, 

*dt3_label, 

*dt4, 

*dt4_label, 
&bytes_rec)  ; 


//  This  function  will  bundle  up  6  mshn_data  types  and  send 
//  them  out  the  supplied  connection, 
int  send_6_data ( 

mshn_com  *mc_obj , 

const  mshn_data  *dtl, 

const  char  *dtl_label, 

const  mshn  data  *dt2. 
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const  char 
const  mshn_data 
const  char 
const  mshn_data 
const  char 
const  mshn_data 
const  char 
const  mshn__data 
const  char 
int 


*dt2_label, 

*dt3, 

*dt3_label, 

*dt4, 

*dt4_label, 

*dt5, 

*dt5_label/ 

*dt6, 

*dt6_label, 
&bytes_sent)  ; 


//  This  function  will  receive  data  from  the  supplied  connection  and 
//  break  it  into  6  mshn_data  types. 


int 


recv_6_data ( 

mshn_com 

mshn_data 

char 

mshn_data 

char 

mshn_data 

char 

mshn_data 

char 

mshn_data 

char 

mshn_data 

char 

int 


*mc_ob  j , 
*dtl, 

*dtl_label, 

*dt2, 

*dt2_label, 

*dt3, 

*dt3_label , 
*dt4, 

*dt4_label , 
*dt5, 

*dt5_label, 

*dt6, 

*dt6_label, 
&bytes_rec)  ; 


//  Convert  from  a  mshn^token  structure  to  a  mshn_data  structure 
void  token_to_mshn_data  ( 

const  mshn__token  the_token, 
mshn  data  *the_data)  ; 


//  Convert  from  a  mshn__data  structure  to  a  mshn_token  structure 
void  mshn__data__to_token  ( 

const  mshn_data  *the_data, 

mshn_token  *the_token) ; 

//  obtains  the  user  ID,  certificate,  passphrase,  communications 
//  security  option  and  certificate  validation  level  from  the  user 
// 

int  do_register  {mshn_sl  *msl_obj  , 

mshn_data  &user_id, 
mshn__data  &:user_cert , 
char  **passphrase, 
comm_security  &com_sec_option, 
cert_checking  &cert_valid_level) ; 

//  checks  the  given  certificate  for  authenticity 
int  do  cert  check (mshn  si  *the  si. 
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#endif 


cert_checking  c_check, 
mshn  data  *the  cert) ; 


I .  COMMUTIL . CPP 

//  Written  by  David  Shifflett  and  Roger  Wright 

// 

# include  <iostream.h> 

#include  <stdlib.h> 

#include  <stdio.h> 

#include  <f stream. h> 

#include  <conio.h> 

# inc lude  " mshn_er r . h " 

# inc lude  " mshn_mem . h " 

# inc lude  " commut i 1 . h " 

const  int  BUFF_SIZE  =  1024; 

//  Internal  function  for  copying  integers  to  a  buffer 
void  add_int (unsigned  char  **new_buf f_ptr,  int  the_int) 

{ 

memcpy (*new_buff_ptr,  &the_int,  sizeof (the_int) ) ; 

*new_buff_ptr  +=  sizeof {the_int) ; 

} 

//  Internal  function  for  copying  mshn_data  structures  to  a  buffer 
void  add_mshn_data (unsigned  char  **new_buf f_ptr, 

const  mshn_data  *the_data) 

{ 

memcpy  ( *new__buf f^tr ,  &the_data-  >the_length, 
sizeof  (the__data”>the_length) )  ; 

*new_buff _ptr  +=  sizeof  (the_da t a- >the_length)  ; 
if  {the_data->the__length  >0)  { 

memcpy  ( *new_buf f_j>tr ,  the_data- >the__data,  the_data- >the_length) 
*new_buff_ptr  +=  the_data->the_length; 

} 

} 

//  Internal  function  for  copying  integers  from  a  buffer 
void  get_int  (xinsigned  char  **new_buf f_ptr,  int  *the_int) 

{ 

memcpy ( the_int ,  *new_buf f_ptr,  sizeof (the_int) ) ; 

*new_buff_ptr  +=  sizeof (the_int) ; 

} 
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//  Internal  function  for  copying  mshn_data  structures  from  a  buffer 
void  get_mshn_data  (iinsigned  char  **new_buff_ptr,  mshn_data  *the_data) 

{ 

memcpy  ( &:the__data- >the_length,  *new_buf f__ptr , 
sizeof  (the__data->the_length)  )  ; 

*new__buf  f_ptr  +=  sizeof  (the_data->the_length)  ; 
if  {the_data->the_length  >  0)  { 

the__data->the_data  =  (unsigned  char  *) 

mshn_malloc  (the_data->the_length,  NULL)  ; 
memcpy  (the_data-*>the___data,  *new__buff_ptr,  the_data->the_length)  ; 
*new_buff_ptr  +=  the_data~>the__length; 

}else{ 

the_data->the_data  =  NULL; 

} 

} 

//  This  function  will  read  from  the  specified  file  into  the  specified 
/  /  mshn_data  type 

int  read_data  {mshn_data  *new_data,  const  char  *filename,  int  buff  size) 

{  ■ 
int  result  =  MSHN_OK; 

//  Clean  out  the  outputs 
new_data->the_data  =.  NULL; 
ne w_da t  a - >  the_l engt h  =  0 ; 

new_data->the_data  =  (unsigned  char  *)mshn_malloc  (buff_size,  NULL)  ; 
//  Now  read  the  key  from  a  file 
FILE  *inputFile; 
int  idx=0; 

if  ( (inputFile  =  f open (filename,  "rb"))  1=  NULL) 

{ 

//  cout  <<  "Read  from  file"  <<  endl; 
while  ( 1 feof (inputFile) )  { 

new_data->the_data [idx]  =  fgetc (inputFile) ; 

//  cout  <<  "  "  <<  (int)  new_data->the_data [idx] ; 

//  if  ( (idx>0)  &&  ((idx  %  19)  ==  0))  cout  <<  endl; 
idx++ ; 

if  (idx  ==  buff_size)  { 

cout  <<  "buffer  overflow  on  read,  truncating  at  " 

<<  idx  <<  "  bytes"  <<  endl; 

break ; 

} 

} 

} 

f close (inputFile)  ; 

new__data->the_length  =  idx  -  1;  //  ignore  eof  byte 

//  cout  «  endl  <<  "read  length  is  "  <<  new_data->the_length  «  endl; 
return  result; 

} 
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//  This  fxmction  will  write  the  specified  data  to  the  specified  file 
int  write_data (const  mshn_data  *new_data,  const  char  *filename) 

{ 

int  result  =  MSHN_OK; 

//  Now  write  the  data  to  a  file 
FILE  *outputFile; 

if  { (outputFile  =  fopen (filename,  "wb"))  !=  NULL) 

{ 

//  cout  «  "Write  to  file"  «  endl; 

for  (int  idx  =  0;  idx<  new_data->the_length;  idx++)  { 
fputc (new_data->the_data [idx] ,  outputFile) ; 
j  j  cout  <<  "  "  (int)  new  data'">the  data  [idx]  ; 

//  if  ((idx>0)  &&  ((idx  %  19)  ==  0))  cout  «  endl; 

} 

} 

f close (outputFile) ; 

II  cout  <<  endl  <<  "write  length  is  "  <<  new _ data~>the  length  <<  endl; 

return  result; 

} 


//  This  function  will  write  the  specified  data  to  the  REQUEST  DB 
/ /  The  format  of  the  REQUEST  DB  will  be : 

/ /  comm_sec , request_id , 

//  'length  of  user  id'user_id 

//  'length  of  sess_key ' sess_key 

// 


int  add_to_req_<^(<^°^st  char 

const  mshn_data 

int 

int 

const  mshn  data 


*the_fname, 
*user_id, 
comm_sec , 
request_id, 
*sess_key) 


{ 

int  result  =  MSHN_OK; 

//  Now  write  the  data  to  a  file 
FILE  *outputFile; 

if  ((outputFile  =  fopen (the_f name,  "ab"))  !=  NULL) 

fprintf (outputFile,  "%d,%d,%d",  comm_sec,  request_id, 
user_id->the_length) ; 

//  cout  <<  "Wrote  "  <<  comm_sec  «  "  "  <<  request_id  «  "  " 
<<  user_id->the_length  <<  endl; 
for  (int  idx  =  0;  idx<  user_id->the_length;  idx++)  { 
fputc (user_id->the_data [idx] ,  outputFile) ; 

fprintf (outputFile,  "%d",  sess_key->the_length) ; 
//  cout  <<  "Wrote  "  <<  sess_key->the_length  <<  endl; 

for  (int  idx  =  0;  idx<  sess_key->the_length;  idx++)  { 
fputc (sess_key->the_data [idx] ,  outputFile) ; 

} 
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} 


} 

f close (outputFile) ; 
return  result; 


//  This  function  will  find  and  return  the  REQUEST  DB  info 
//  for  the  specified  request_id 

int  get__from_req_db  (const  char  *the_fname,  int  desired^req^id, 

mshn^data  *user__id,  int  &coTnm_seC/ 
mshn_data  *sess_key) 

{ 

int  result  =  MSHN_OK; 
int  request_id,  c_sec; 
unsigned  int  temp_len; 


//  Clean  out  the  outputs 
user_id- >the_data  =  NULL; 
user_id~>the_length  =  0; 
sess__key->the_data  =  NULL; 
sess_key~  >the_length  =  0 ; 
comm  sec  =  -*1; 


FILE  *inputFile; 
int  found=0; 

if  ((inputFile  =  f open (the_f name,  "rb”))  1=  NULL) 

{ 

while  (  ( 1  found)  &&  ( i  feof  (inputFile)  ) )  { 

fscanf (inputFile,  ”%d,%d,%d",  &c_sec,  &request_id, 
&temp_len)  ; 

//  cout  <<  "Read  "  <<  c_sec  <<  ”  ”  <<  request_id  <<  "  "  <<  temp_len 
<<  endl; 

if  (request_id  ==  desired_req_id)  { 

//we  found  it,  read  the  data,  and  output  it 
found  =  1; 
comm_sec  =  c_sec; 
user_id->the__length  =  temp_len; 
user_id->the_data  =  (unsigned  char  *) 

mshn__malloc  (temp_len,  NULL)  ; 
for  (int  idx  =  0;  idx<  temp_len;  idx++)  { 

user_id->the_data [idx]  =  fgetc (inputFile) ; 

} 

fscanf  (inputFile,  ”%d”,  '  &temp_len)  ; 

//  cout  <<  "Read  "  <<  temp_len  <<  endl; 

sess_key->the_length  =  temp_len; 
sess_key->the_data  =  (unsigned  char  *) 

mshn_malloc  (temp_len,  NULL)  ; 
for  (int  idx  =  0;  idx<  temp_len;  idx++)  { 

sess__key->the_data  [idx]  =  fgetc  (inputFile)  ; 

} 

}else{ 
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} 


//  simply  skip  to  the  next  record 

for  (int  idx  =  0;  idx<  temp_len;  idx++) 
fgetc (inputFile) ; 


} 

fscanf  (inputFile,  "%d'',  &terap_len)  ; 
for  (int  idx  =  0;  idx<  temp_len;  idx++) 
fgetc (inputFile) ; 

} 


} 

} 

} 

f close (inputFile)  ; 
if  ('found)  result  =  -1; 
return  result; 


{ 

{ 


//  This  function  will  bundle  up  two  mshn_data  types  and  send 
//  them  out  the  supplied  connection. 


int 


send_2_data  ( 

mshn^com 
const  mshn_data 
const  char 
const  mshn_data 
const  char 
int 


*mc_ob j , 
*dtl, 

*dtl_label, 

*dt2, 

*dt2__label, 

&bytes_sent) 


{ 

int  result  =  MSHN_COM_OK; 

int  total_length  =  dtl->the_length  +  dt2->the_length  + 

sizeof  (unsigned  int) 

cout  <<  "total  length  "  <<  total_length  <<  endl; 
mshn_data  new_buff; 

new  buf f .  the_length  =  total__length; 
new_buff .  the_data  =  (iinsigned  char  *) 

mshn__malloc  (total_length,  NULL)  ; 
unsigned  char  *new__buf f__ptr  =  new^buf f .  the__data; 
add_mshn_dat a  ( toew__buf  f  ___pt r ,  dt  1 )  ; 
add_mshn_dat a  ( &new_buf  f _pt r ,  dt 2 )  ; 


* 


2; 


cout  <<  "Sending  everything;  "  <<  new_buf f . the_length 
<<  "  bytes."  <<  endl; 

result  =  me  obj->mc_send(new__buff  .the_data,  new^buf f .  the^length, 
bytes_sent)  ; 


if  (result  ==  MSHN_COM_OK)  { 

cout  «  "Sent  ("  «  bytes_sent  « 
cout  «  dtl_label  <<  "  length  (" 

<<  endl; 

cout  <<  dt2_label  <<  "  length  (" 

<<  endl; 

}else{ 


" )  bytes . "  <<  endl ; 

<<  dtl-'>the_length  <<  ")  bytes." 

<<  dt2->the_length  <<  ")  bytes." 
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cout  <<  "me  send; 


”  <<  mc_obj~>mc_get_error (result)  <<  endl; 

} 

mshn_free (new_buff . the_data,  NULL) ; 
return  result; 

} 

//  This  function  will  bundle  up  three  mshn__data  types  and  send 
//  them  out  the  supplied  connection, 
int  send_3_data ( 

mshn___com  *mc_ob  j , 

const  mshn_data  *dtl, 

const  char  *dtl_label, 

const  mshn_data  *dt2 , 

const  char  *dt2_label , 

const  mshn_data  *dt3 , 

const  char  *dt3_label/ 

int  &bytes_sent) 

{ 

int  result  =  MSHN_COM_OK; 

int  total_length  =  dtl->the_length  +  dt2->the__length 

+  dt3->the__length  +  sizeof  (unsigned  int)  *  3; 
cout  <<  "total  length  "  <<  total_length  <<  endl; 
mshn_data  new__buff; 

new__buff .  the_length  =  total__length; 
new__buff .  the_data  =  (unsigned  char  *) 

mshn_malloc (total_length,  NULL) ; 
tinsigned  char  *new_buff__ptr  =  new__buf f .  the_data; 
add_mshn_data  ( anew_buf  f _pt  r ,  dt  1 )  ; 
add_mshn__data  ( &new_buf  f  t r ,  dt 2 )  ; 
add_mshn_data  ( 6Uiew_buf  f_ptr ,  dt3 )  ; 

cout  <<  "Sending  everything:  "  <<  new_buf f , the_length  <<  "  bytes." 

<  <  endl ; 

result  =  rac_ob j  -  >mc_send  (new_buf  f .  the_data ,  new_buf  f .  the__length, 
bytes_sent) ; 

if  (result  ==  MSHN_COM_OK)  { 

cout  <<  "Sent  ("  <<  bytes_sent  <<  ")  bytes."  <<  endl; 
cout  <<  dtl_label  <<  "  length  ("  <<  dtl->the_length  <<  ")  bytes." 
«  endl ; 

cout  <<  dt2__label  <<  "  length  ("  <<  dt2~>the_length  <<  ")  bytes." 
<<  endl; 

cout  «  dt3_label  <<  "  length  ("  <<  dt3->the_length  <<  ")  bytes." 
<<  endl; 

}else{ 

cout  <<  "mc_send:  "  <<  mc_obj - >mc_get_error (result)  <<  endl; 

} 

mshn_f  r ee  ( new_buf  f .  the_da t a ,  NULL )  ; 
return  result; 

} 
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//  This  fimction  will  receive  data  from  the  supplied  connection  and 
//  break  it  into  two  mshn_data  types, 
int  recv  2  data ( 


mshn_com 

mshn_data 

char 

mshn_data 

char 

int 


*mc_ob j , 
*dtl, 

*dtl__label, 

*dt2, 

*dt2_label, 

&bytes_rec) 


{ 

int  result  =  MSHN_COM_OK; 
//  Clean  out  the  outputs 
dtl->the_data  =  NULL; 
dt2 - >the_data  =  NULL; 
dtl->the_length  =  0; 
dt2->the_length  =  0; 
mshn  data  new  buff; 


new_buf f . the_data  =  (tinsigned  char  *) 

mshn_malloc (BUFF_SIZE  *  16,  NULL); 
new_buf f . the_length  =  BUFF_SIZE  *  16; 

result  =  mc_obj->mc_recv(new_buff .the_data,  new_buff .the_length, 
bytes_rec) ; 


imsigned  char  *new_buff_ptr  =  new_buff.the_data; 
get_mshn_data  (£inew_buff_ptr,  dtl)  ; 
get_mshn_data ( snew_buf f  jit r ,  dt2 ) ; 


} 


if  (result 
cout  << 
cout  << 
<< 

cout  <  < 
<< 

}else{ 

cout  <  < 

} 


==  MSHN_COM_OK)  { 

"Received  (”  <<  bytes__rec  <<  ")  bytes."  <<  endl; 
dtl_label  <<  "  length  (”  <<  dtl->the__length  <<  ")  bytes 
endl  ; 

dt2_label  <<  "  length  ("  «  dt2->the_length  <<  ")  bytes 
endl  ; 

"me  recv:  "  <<  mc_obj ->mc_get_error (result)  <<  endl; 


return  result; 


//  This  function  will  receive  data  from  the  supplied  connection  and 
//  break  it  into  three  mshn_data  types, 
int  re  c v_3  _da  t  a  ( 

mshn  com  *mc_ob  j  , 


mshn__data 

char 

mshn_data 

char 

mshn  data 


*dtl, 

*dtl_label, 

*dt2, 

*dt2_label, 

*dt3. 
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char 
int 

{ 

int  result  =  MSHN_COM_OK; 

//  Clean  out  the  outputs 
dtl->the_data  =  NULL; 
dt2->the_data  =  NULL; 
dt3->the_data  =  NULL; 
dtl->the_length  =  0; 
dt2->the_length  =  0; 
dt3->the_length  =  0; 
mshn_data  new_buff; 

new_buff .  the_data  =  (unsigned  char  *) 

mshn_malloc  (BUFF_SIZE  *  16,  NULL); 
new^buf  f .  the^length  =  BUFFOS  I ZE  *  16; 

result  =  Tnc__obj->mc_recv(new_buff .  the_data,  new_buff  •the_length, 
bytes_rec)  ; 

unsigned  char  *new_buf f_ptr  =  new_buf f .  the_data; 
get__mshn_data  ( &new_buf  f  j)tr ,  dtl)  ; 
get_mshn_data  (&new_buff_ptr,  dt2)  ; 
get_mshn_data  ( &new_buf  f _ptr ,  dt3 )  ; 

if  (result  ==  MSHN_C0M_0K)  { 

cout  <<  "Received  ("  <<  bytes_rec  «  ")  bytes.”  <<  endl; 
cout  <<  dtl_label  <<  "  length  ("  <<  dtl->the_length  <<  ")  bytes 
<<  endl; 

cout  <<  dt2_label  <<  "  length  (”  <<  dt2->the_length  <<  ”)  bytes 
<<  endl; 

cout  «  dt3_label  «  "  length  ("  «  dt3->the_length  <<  ")  bytes 
<<  endl; 

}else{ 

cout  <<  "mc_recv:  "  <<  mc_obj->mc_get_error (result)  <<  endl; 

} 

return  result; 

} 

//  This  function  will  bxindle  up  an  integer  and  3  mshn__data  types  and 
//  send  them  out  the  supplied  connection, 
int  send_int_3_data { 

mshn__com  *mc_ob  j , 

int  itl, 

const  char  *itl_label, 

const  mshn_data  *dtl, 

const  char  *dtl_label, 

const  mshn_data  *dt2 , 

const  char  *dt2_label, 

const  mshn_data  *dt3 , 

const  char  *dt3  label. 


*dt3__label, 

&bytes__rec) 
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{ 


int 


&bytes_sent) 


int  result  =  MSHN_COM_OK; 

int  total_length  =  sizeof(int)  +  dtl->the_length  +  dt2->the_length 

+  dt3->the_length  +  sizeof (unsigned  int)  *  3; 
cout  <<  "total  length  "  <<  total_length  <<  endl; 
mshn_data  new_buff; 

new_buf f . the_length  =  total_length; 

new_buf f . the_data  =  (unsigned  char  *)inshn_malloc (total_length,  NOLL) 

lansigned  char  *new_buff_ptr  =  new_buff.the_data; 

add_int (&new_buff_ptr,  itl); 

add_mshn_data  (6inew_buff_ptr,  dtl)  ; 

add_mshn_data ( &new_buf  f_ptr ,  dt2 ) ; 

add_mshn_data (&new_buff_j)tr,  dt3)  ; 

cout  <<  "Sending  everything;  "  «  new_buff .the_length  <<  "  bytes." 

<<  endl; 

result  =  mc_obj->mc_send(new_buff  .the_data,  new_buf f .  the_length, 
bytes_sent) ; 

if  (result  ==  MSHN_COM_OK)  { 

cout  <<  "Sent  ("  <<  bytes_sent  «  ")  bytes."  «  endl; 
cout  <<  itl_label  <<  "  ("  <<  itl  «  ")"  <<  endl; 

cout  <<  dtl_label  <<  "  length  ("  <<  dtl->the_length  <<  ")  bytes." 
<<  endl; 

cout  «  dt2_label  <<  "  length  ("  «  dt2 - >the_length  «  ")  bytes." 
<<  endl; 

cout  <<  dt3_label  <<  "  length  ("  <<  dt3 - >the_length  <<  ")  bytes." 
<<  endl; 

}else{ 

cout  <<  "mc_send:  "  <<  mc_obj ->mc_get_error (result)  <<  endl; 

} 

mshn_f ree (new_buf f . the_data,  NULL) ; 
return  result; 

} 

//  This  function  will  receive  data  from  the  supplied  connection  and 
//  break  it  into  an  integer  and  3  mshn_data  types, 
int  recv_int_3_data  ( 

mshn_com  *mc_obj , 

int  *itl, 

char  *itl_label, 

mshn_data  *dtl, 

char  *dtl_label, 

mshn_data  *dt2 , 

char  *dt2_label, 

ms  hn_dat a  *  dt  3 , 

char  *dt3__label, 

int  &bytes_rec) 
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int  result  ==  MSHN_COM_OK; 
//  Clean  out  the  outputs 
*itl  =  -1; 

dtl->the_data  =  NULL; 
dt2~>the_data  =  NULL; 
dt3->the_data  =  NULL; 
dtl->the_length  =0; 
dt2->the_length  =  0; 
dt3->the_length  =  0; 
mshn  data  new_buff; 


new_buff . the^data  =  (unsigned  char  *) 

mshn_malloc (BUFF_SIZE  *  16,  NULL); 
new_buf f . the_length  =  BUFF_SI2E  *  16; 

result  =  mc_obj->Tnc_recv(new_buff .  the_data,  new_buff .  the_length, 
bytes_rec)  ; 


unsigned  char  *new_buf f_ptr  =  new_buf f ,  the_data; 
get_int (&new_buff j)tr,  itl) ; 
get_mshn_data  (&new_buff__ptr,  dtl)  ; 
ge t_mshn_data  ( &new_buf  f _p t r ,  dt 2 )  ; 
get_mshn_data  ( &new_buf  f _p t r ,  dt  3 )  ; 


if  (result 

==  MSHN_COM_OK) 

cout 

<< 

"Received 

(" 

<< 

cout 

<< 

itl_label 

<< 

11 

cout 

<< 

dtl_label 

<< 

11 

<< 

endl  ; 

cout 

<< 

dt2_label 

<< 

II 

<< 

endl  ; 

cout 

<< 

dt3_label 

<< 

II 

<< 

endl  ; 

}else{ 

cout 

<< 

"me  reev: 

II 

<<  1 

} 

return  result; 


("  <<  *itl  «  <<  endl; 


//  This  function  will  biandle  up  an  integer  and  4  mshn_data  types  and 
//  send  them  out  the  supplied  connection, 
int  send  int  4  data ( 


mshn_< 

int 

com 

*mc_ob j , 
itl, 

const 

char 

*itl_label. 

const 

mshn_data 

*dtl. 

const 

char 

*dtl_label. 

const 

mshn_data 

*dt2, 

const 

char 

*dt2_label , 

const 

mshn__data 

*dt3. 

const 

char 

*dt3_label. 
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const  mshn_data  *dt4, 

const  char  *dt4_label , 

int  &bytes_sent) 

int  result  =  MSHN_COM_OK; 

int  total_length  =  sizeof(int)  +  dtl->the_length  +  dt2->the_length 

+  dt3->the_length  +  dt4->the_length  +  sizeof (unsigned  int)  *  4 
cout  <<  "total  length  "  «  total_length  «  endl; 
inshn_data  new_buff; 

new_buf f . the_length  =  total_length; 
new_buf f .  the_data  =  (iinsigned  char  *) 

mshn_nialloc  {total_length,  NULL)  ; 
unsigned  char  *new_buf f_ptr  =  new_buff.the_data; 
add_int (&new_buff_ptr,  itl); 
add_inshn_data  {&new_buff_ptr,  dtl)  ; 
add_mshn_data  ( saiew_buf  f _ptr ,  dt2 ) ; 
add_mshn_data ( &new_buf f  j)tr ,  dt3 ) ; 
add_mshn_data  { &new_buf  f _jptr ,  dt4 )  ; 

cout  <<  "Sending  everything:  "  <<  new_buf f . the_length  <<  "  bytes." 

<<  endl; 

result  =  mc_obj->mc_send(new_buff .the_data,  new_buff .the_length, 
bytes_sent) ; 


} 


if  (result 

==  MSHN_COM_OK) 

{ 

cout 

<< 

"Sent  {"  - 

<<  ! 

bytes__sent 

<< 

”) 

bytes."  <<  endl 

/ 

cout 

<< 

itl_label 

<< 

II 

(" 

<< 

itl  <<  ") "  <<  endl 

cout 

<< 

dtl_label 

<< 

II 

length 

(" 

<< 

dtl - >the_length 

<< 

<< 

endl  ; 

cout 

<< 

dt2_label 

<< 

II 

length 

(" 

<< 

dt2 - >the_length 

<< 

<< 

endl  ; 

cout 

<< 

dt3__label 

<< 

II 

length 

(" 

<< 

dt3 - >the_length 

<< 

<< 

endl ; 

cout 

<< 

dt4__label 

<< 

II 

length 

{" 

<< 

dt4 - >the_length 

<< 

<< 

endl  ; 

}else| 

cout 

<< 

"mc^send: 

M 

<< 

mc_ob j - 

>mc 

:_get_error  (result) 

<< 

" )  bytes . 
” )  bytes . 
” )  bytes . 
” )  bytes . 

endl ; 


} 

nishn_f  ree  (new^^buf  f .  the_data ,  NULL)  ; 
return  result; 


If 


II 


II 


II 


//  This  function  will  receive  data  from  the  supplied  connection  and 
//  break  it  into  an  integer  and  4  mshn_data  types. 


int  recv_int_4__data  { 

mshn_com 

int 

char 

mshn_data 

char 


*mc__ob  j , 
*itl, 

*itl_label, 

*dtl, 

*dtl  label. 
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mshn_data 

char 

mshn_data 

char 

mshn_data 

char 

int 

{ 

int  result  =  MSHN_COM_OK; 
//  Clean  out  the  outputs 
*itl  =  -1; 

dtl->the_data  =  NULL; 
dt2->the_data  =  NULL; 
dt3->the_data  =  NULL; 
dt4->the_data  =  NULL; 
dt  1  “  >  the__length  =  0  ; 
dt2->the_length  =  0; 
dt 3 - > the_length  =  0 ; 
dt4->the_length  =  0; 
tnshn_data  new_buff; 


*dt2, 

*dt2_label , 
*dt3, 

*dt3_label , 
*dt4, 

*dt4_label, 

&bytes_rec) 


new_buf f . the_data  =  (unsigned  char  *) 

mshn_malloc  (BUFF_SIZE  *  16,  NULL)  ; 
new_buf f . the_length  =  BUFF_SIZE  *  16; 

resul t  =  mc_ob j  -  >mc__recv  ( new_buf f .  the_data ,  new_buf f .  the_length , 
bytes_rec) ; 

unsigned  char  *new_buff__ptr  =  new_buff.the_data; 
get_int (&new_buf f_ptr,  itl) ; 
get_mshn_data  ( &new_buf  f _ptr ,  dtl )  ; 
get_mshn_da ta  ( &new_buf  f _pt r ,  dt 2 )  ; 
get_mshn_data  ( &new_buf f _ptr ,  dt 3 )  ; 
get__mshn_data  ( fi^ew_buf  f  _ptr ,  dt4 )  ; 


if  (result 

==  MSHN_COM_OK) 

{ 

cout 

<< 

"Received 

(" 

<< 

:  bytes_ 

rec 

<<  ")  bytes."  <<  endl; 

cout 

<< 

itl_label 

<< 

It 

<< 

*itl  «  ")"  «  endl; 

cout 

<< 

dtl__label 

<< 

It 

length 

('■ 

<< 

dtl- >the_length 

«  ") 

bytes . " 

<< 

endl ; 

cout 

<< 

dt2_label 

<< 

If 

length 

(" 

<< 

dt2 - > the_length 

<<  ") 

bytes . " 

<< 

endl  ; 

cout 

<< 

dt3_label 

<< 

It 

length 

(" 

<< 

dt3 - >the_length 

<<  ") 

bytes . " 

<< 

endl  ; 

cout 

<< 

dt4_label 

<< 

It 

length 

(" 

<< 

dt4 - > the_length 

«  ") 

bytes . " 

<< 

endl  ; 

}else{ 

cout 

<< 

"mc__recv: 

II  , 

<< 

mc_ob  j  - 

>inc 

_get_error (result) 

<<  endl; 

} 

return  result; 

} 
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//  This  function  will  bundle  up  6  mshn_data  types  and  send 
//  them  out  the  supplied  connection, 
int  send  6  data { 


mshn__com 

*mc_ob j , 

const 

mshn_data 

*dtl. 

const 

char 

*dtl_label, 

const 

mshn_data 

*dt2. 

const 

char 

*dt2_label , 

const 

mshn_data 

*dt3. 

const 

char 

*dt3_label , 

const 

mshn_data 

*dt4. 

const 

char 

*dt4_label , 

const 

mshn_data 

*dt5. 

const 

char 

*dt5_label , 

const 

mshn_data 

*dt6. 

const 

int 

char 

*dt6_label , 
&bytes_sent) 

int  result  =  MSHN_COM_OK; 

int  total_length  =  dtl->the_length  +  dt2->the_length  + 
dt3*->the_length  +  dt4->the_length  +  dt5'->the_length  + 
dt6->the_length  +  sizeof (unsigned  int)  *  6; 
cout  <<  "total  length  "  <<  total^length  <<  endl; 
mshn_data  new_buff; 

new_buff .  the_length  =  total__length; 

new_buff .  the_data  =  (unsigned  char  *)mshn_malloc  (total_length,  NULL)  ; 

unsigned  char  *new_buf f_ptr  =  new_buff  .the__data; 

add_mshn_data  ( &new__buf  f _pt  r ,  dt  1 )  ; 

add_mshn_data  t  &new_buf  f _pt  r ,  dt 2 )  ; 

add_mshn_da t a  ( &new_buf  f _p t  r ,  dt  3 )  ; 

add_mshn_data  ( &new_buf f _ptr ,  dt4); 

add_mshn_dataL  (&new_buff_ptr,  dt5)  ; 

add_mshn_dat a  ( &new_buf  f _p t  r ,  dt 6 )  ; 


cout  <<  "Sending  everything:  ”  <<  new_buf f . the_length  <<  "  bytes." 
<<  endl; 

result  =  mc_obj  “>mc_send(new_buf f .  the_data,  new_buff .  the_length, 
bytes_sent)  ; 


if  (result 

==  MSHN_COM_ 

OK) 

{ 

cout 

<< 

"Sent  ("  - 

<< 

bytes__sent 

<< 

:  ") 

bytes.”  <<  endl 

cout 

<< 

dtl__label 

<< 

II 

length 

(" 

<< 

dt  1 - > the_length 

<< 

") 

bytes. 

<< 

endl  ; 

cout 

<< 

dt2_label 

<< 

11 

length 

(" 

<< 

dt2 - >the_length 

<< 

") 

bytes . 

<< 

endl  ; 

cout 

<< 

dt3_label 

<< 

II 

length 

(" 

<< 

dt3 - >the_length 

<< 

") 

bytes . 

<< 

endl  ; 

cout 

<< 

dt4_label 

<< 

II 

length 

(" 

<< 

dt4 - >the_length 

<< 

") 

bytes . 

<< 

endl  ; 

cout 

<< 

dt5_label 

<< 

It 

length 

(" 

<< 

d 1 5 - > the_l eng t h 

<< 

") 

bytes . 
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<<  endl; 

cout  <<  dt6_label  <<  "  length  (”  <<  dt6->the_length  <<  ")  bytes.” 
<<  endl; 

}else{ 

cout  <<  "mc_send:  ”  <<  mc_obj ->mc_get__er r or  (result)  <<  endl; 

} 

mshn_f  ree  (new_buf  f .  the_data,  NULL)  ; 
return  result; 

} 

//  This  function  will  receive  data  from  the  supplied  connection  and 
//  break  it  into  6  mshn_data  types, 
int  recv  6  data { 


mshn__com 

*mc_ob j , 

mshn_data 

*dtl. 

char 

*dtl_label. 

mshn_data 

*dt2. 

char 

*dt2_label. 

mshn_data 

*dt3. 

char 

*dt3_label. 

mshn_data 

*dt4. 

char 

*dt4_label , 

mshn_data 

*dt5, 

char 

*dt5_label. 

mshn_data 

*dt6 , 

char 

*dt6_label, 

int 

&bytes_rec) 

int  result  =  MSHN_COM_OK; 

//  Clean 

out  the  outputs 

dtl->the^ 

data 

=  NULL; 

dt2  -  >the_ 

^data 

=  NULL; 

dt3->the_ 

_data 

=  NULL; 

dt4->the_ 

data 

=  NULL; 

dt5->the_ 

^data 

=  NULL; 

dt6->the 

data 

=  NULL; 

dtl->the_length  =  0; 
dt2->the_length  =  0; 
dt3 - >the_length  =  0; 
dt4->the_length  =  0; 
dt5- >the_length  =  0 ; 
dt6->the_length  =  0; 
mshn__data  new_buff; 

new_buff .  the_data  =  (\insigned  char  *) 

mshn_malloc(BUFF_SIZE  *  16,  NULL); 
new_buff .  the_length  =  BUFF_SIZE  *  16; 

result  =  mc_ob j  - >mc_recv  (new_buf f .  the_data ,  new_buf f .  the_length, 
bytes_rec)  ; 
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xmsigned  char  *new_buf f_j>tr  =  new_buff .  the__data; 
get_mshn_data ( &new_buf f _ptr ,  dt 1 ) ; 
get_mshn_data ( &new_buf f _ptr ,  dt 2 ) ; 
get_mshn_data  ( &:new__buf  f _pt r ,  dt3 )  ; 
get_mshn_data { &new_buf f _p t r ,  dt4 ) ; 
get_mshn__data  (&new_buff _jptr,  dtS)  ; 
get_mshn_data  { &new__buf  f _ptr ,  dt6 )  ; 


if  (result 

==  MSHN_COM_ 

OK) 

{ 

cout 

<< 

"Received 

{" 

<< 

:  bytes_ 

rec 

:  <<  ")  bytes."  <<  endl 

■  / 

cout 

<< 

dtl_label 

<< 

II 

length 

'(" 

<< 

dtl- >the_length 

<< 

") 

bytes . 

<< 

endl  ; 

cout 

<< 

dt2_label 

<< 

II 

length 

(" 

<< 

dt2 - >the_length 

<< 

") 

bytes . 

<< 

endl  ; 

cout 

<< 

dt3_label 

<< 

It 

length 

(" 

<< 

dt3 - >the_length 

<< 

") 

bytes . 

<< 

endl  ; 

cout 

<< 

dt4_label 

<< 

ti 

length 

{" 

<< 

dt4 - >the_length 

<< 

'•) 

bytes . 

<< 

endl  ; 

cout 

<< 

dt5_label 

<< 

It 

length 

{" 

<< 

dt 5 - > the_length 

<< 

") 

bytes . 

<< 

endl  ; 

cout 

<< 

dt6_label 

<< 

II 

length 

(" 

<< 

dt 6 - >the_length 

<< 

") 

bytes. 

<< 

endl  ; 

}else{ 

cout 

<< 

"mc_recv: 

tt 

<< 

mc_ob  j  - 

>mc 

_get_error (result) 

<< 

endl ; 

} 

return  result; 

} 

//  Convert  from  a  mshn_token  structure  to  a  mshn_data  structure 

void  token_to_mshn_data  ( 

const  mshn_token  the_token, 
mshn_data  *the_data) 

{ 

the_data-‘>the_length  =  sizeof  (the_token.reguest_id)  + 
the_token.job_session_key.the_length; 
the_data- >the_data  =  (unsigned  char  *) 

mshn__mal  1  oc  ( t he_dat a  -  >  the_l  eng th ,  NULL )  ; 
memcpy  (the_data* >the_data,  &  (the_token . request_id)  , 
sizeof (the_token.request_id) ) ; 
memcpy  (the_data->the_data  +  sizeof  (the_token.request_id)  , 
the_token .  j  ob_ses  s  ion_key .  the_da  t  a , 
the_token .  j  ob_session_key .  the_length)  ; 

} 

//  Convert  from  a  mshn_data  structure  to  a  mshn_token  structure 

void  mshn_data_to_token  ( 

const  mshn_data  *the_data, 
mshn_token  *the_token) 

{ 
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memcpy  (& (the__token->request_id)  ,  the_data->the_data, 
sizeof  (the_token->request__id) )  ; 

the_token->job__session_key. the_length  =  the_data->the_length  - 
sizeof (the_token->request_id) ; 
the_token~>job_session_key . the_data  =  (unsigned  char  *) 

mshn_malloc  {the_token->job_session_key.  the_length,  NULL)  ; 
memcpy (the_token-> job_session_key . the_data,  the_data->the_data 
sizeof  (the_token->request__id)  , 
the_token- > j ob_session_key .  the_length)  ; 


//  obtains  the  user  ID,  certificate,  passphrase,  communications 
//  security  option  and  certificate  validation  level  from  the  user 
// 

int  do_register  {mshn__sl  *msl_obj  , 

mshn_data  &user_id, 
mshn_data  &user_cert, 
char  **passphrase, 
comm_security  &com_sec_option, 
cert_checking  &cert_valid_level) 

{ 

int  result  =  0; 
char  response [80] ; 
char  *err_out; 

//  Clear  the  screen,  so  that  getpass  prompts  correctly 
clrscr  0 ; 

cout  <<  endl  <<  "Enter  your  certificate  name: 
cin.getline (response,  80) ; 

result  =  ms l_ob j - >mshn_sl_get_cert (response,  &user_cert) ; 

if  (result  i=:  MSHN_0K)  ( 

err_out  =  ms l_ob j ->mshn__sl_show_error  (result)  ; 

cout  «  ”mshn_sl_get_certificate  "  <<  err__out  «  endl; 

mshn_free (err_out,  NULL) ; 

} 

else  { 

cout  «  "Certificate  ok"  «  endl  <<  endl; 
user_id.the_length  =  strlen(response); 
user_id.the_data  =  (unsigned  char  *) 

rashn_malloc (user_id.the_length,  NULL) ; 
memcpy (user_id.the_data,  response,  user_id.the_length) ; 

♦passphrase  =  getpass ("Enter  the  pass  phrase 

for  your  private  key:  ") ; 


do  { 
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cout  <<  endl  << 
<<  endl; 


cout 

<< 

cout 

<< 

cout 

<< 

cout 

<< 

"Enter  the  communications  security  option: 

”  0  -  None"  <<  endl; 

"  1  -  Integrity"  <<  endl; 

"  2  “  Confidentiality”  <<  endl; 

"  3  -  Both"  <<  endl; 


cin. get line (response,  80)  ; 

while  (atoi (response)  <  0  1|  atoi (response)  >  3) ; 


com  sec_option  =  atoi (response) ; 

er  the  certificate  validation  level 

0  -  None"  <<  endl; 

1  -  Check  Authenticity"  <<  endl; 

2  -  Check  Revocation  List"  «  endl; 

3  -  Both"  <<  endl; 

cin.getline (response,  80); 
while  (atoi (response)  <  0  ||  atoi (response)  >  3); 
cert  valid_level  =  atoi (response) ; 


cout  <<  endl  <<  " 
<<  endl; 


cout 

<< 

It 

cout 

<< 

tl 

cout 

<< 

11 

cout 

<< 

It 

} 

return  result; 

} 


//  checks  the  given  certificate  for 
int  do_cert_check  (mshn_sl 

cert_checking 
mshn  data 


authenticity 

*the_sl, 

c_check, 

♦the  cert) 


int  result  =  MSHN_OK; 
char  *err  out; 


int  cert_valid,  cert_revoked; 

if  ( (c_check  ==  CERT_A'CJTH)  |  |  (c_check  ==  CERT_BOTH) )  { 

result  =  the_sl->mshn_sl_cert_verify (the_cert,  &cert_valid) ; 
if  (result  !=  MSHN_OK)  { 

err_out  =  the_sl->mshn_sl_show_error (result) ; 
cout  <<  "mshn_sl_cert_verify  "  <<  err_out  <<  endl; 
mshn_free(err_out,  NULL) ; 

}else{ 

if  (cert_valid  ==  MSHN_FALSE)  { 
result  =  MSHN_CERT_INVALID ; 

err  out  =  the_sl->mshn_sl_show_error (result); 
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} 


cout  <<  "mshn_sl_cert_verify  "  <<  err_out  <<  endl; 
mshn_f  r e e  ( e r r_out ,  NXILL )  ; 

} 

} 

if  (result  ==  MSHN_OK)  { 

if  ( (c_check  ==  CERT_REV)  | |  (c_check  ==  CERT_BOTH) )  { 

result  =  the_sl->mshn_sl_cert_revoked(the_cert, 
&cert__revoked)  ; 
if  (result  !=  MSHN_OK)  { 

err__out  =  the_sl->inshn_sl_show_error  (result)  ; 
cout  <<  "mshn_sl_cert_revoked  "  <<  err_out  <<  endl; 
mshn_free  (err_out ,  NULL)  ; 

}else{ 

if  (cert_r evoked  ==  MSHN__TRUE)  { 
result  =  MSHN_CERT_REVOKED; 

err_out  =  the_sl->mshn__sl_show_error  (result)  ; 
cout  <<  "mshn_sl__cert_revoked  ”  <<  err__out  <<  endl 
mshn_free (err_out,  NULL); 

} 

} 

} 

} 

return  result; 

} 


J.  MSHNUTIL.H 

//  MSHN  Utility  Fianction  Header  File 

//  Written  by  David  Shifflet  &  Roger  Wright 

// 

#ifndef  _MSHNUTIL_H 
#define  _MSHNDTIL_H 

void  MSHN_CSP_INIT(CSSM_LIST_PTR  pGUIDList, 

CSSM_MODtJLE_INFO_PTR  pinfo, 
CSSM_CSP_HANDLE  &hCSP) ; 

void  MSHN_CL_INIT  (CSSM_LIST_PTR  pGUIDList, 

CSSM_MODDLE_INFO_PTR  pInfo, 
CSSM_CL_HANDLE  &hCL) ; 

void  MSHN_DL_IN1T  (CSSM_LIST_PTR  pGUIDList, 

CSSM_MODULE_INFO_PTR  pinfo, 
CSSM_DL_HANDLE  &hDL, 
CSSM_DB_HANDLE  &hDS, 
char  *ds  names [] ) ; 
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CSSM_RETURN  MSHN_CSSM_1NIT { )  ; 

CSSM_KEY_PTR  MSHN_GenerateKey  {CSSM_CSP_HANDLE  hCSP, 

uint32  keySizeInBits, 
const  char*  passPhrase) ; 

CSSM_DATA_PTR  MSHN_EncryptData  (CSSM_CSP_HANDLE  hCSP, 

CSSM_DATA_PTR  pClear,  //  bits  to  encrypt 
CSSM_KEY_PTR  pKey) ; 

CSSM_DATA_PTR  MSHN_DecryptData  {CSSM_CSP_HANDLE  hCSP, 

”  CSSM_DATA_PTR  pEncrypted,  //  bits  to  decrypt 

CSSM_KEY_PTR  pKey) ; 

lllllllllllllllllllllllllllllllllllllllllllllllllllinilllllllllllllllll 

CSSM_RETURN  MSHN_GenerateKeyPair  (CSSM_CSP_HANDIiE  hCSP, 

CSSM_KEY_PTR  publicKey, 

CSSM_KEY_PTR  privateKey, 
char  *  ppassphrase) ; 

iiiiiiiiniiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii 

CSSM_DATA_PTR  MSHN_SignData  {CSSM_CSP_HANDLE  hCSP, 

CSSM_DATA_PTR  pClear,  //  bits  to  sign 

CSSM_KEY_PTR  pKey, 
char  *  password) ; 

IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIHI 

CSSM_BOOL  MSHN_VerifyData (CSSM_CSP_HANDLE  hCSP, 

CSSM_DATA_PTR  pSigned,  //  bits  to  verify 

CSSM_DATA_PTR  pClear, 

CSSM_KEY_PTR  pKey) ; 

IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIUIIIIIIIIIIIIIIIII 

CSSM_DATA_PTR  MSHN_DigestData (CSSM_CSP_HANDLE  hCSP, 

CSSM_DATA_PTR  pClearText) ; 

llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll 

CSSM_KEY_PTR  MSHN_GenerateDESKey {CSSM_CSP_HANDLE  hCSP, 

uint32  keySizeInBits) ; 

iiiiiiiiiiiiiiiniiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii 

CSSM_WRAP_KEY_PTR  MSHN_WrapKey (CSSM_CSP_HANDLE  hCSP, 

CSSM_KEY_PTR  psynonetricKey , 

CSSM_KEY_PTR  pmasterKey) ; 

IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIUIIIIIIIIIIIIIIIII 

CSSM_KEY_PTR  MSHN_UnwrapKey  (CSSM_CSP_HANDLE  hCSP, 

CSSM_WRAP_KEy_PTR  psymmetricKey, 

CSSM_KEY_PTR  pmasterKey) ; 


#endif 


K.  MSHNUTIL.CPP 

//  MSHN  Utility  Fiinction  Definitions 

//  Written  by  Roger  Wright  &  David  Shifflett 

// 


# include 
# include 
# include 
# include 
# include 
# include 
#include 
#include 
# include 


<iostream.h> 

<stdlib.h> 

<f stream. h> 
<mem .  h> 
<string,h> 
<cssm.h> 
"mshnUtil  .h” 
"mshn^mem.h” 
"showutil .h” 


#define  FALSE  0 
//cssm  memory  functions 

void  *  mshn_malloc  (uint32  size,  void  *allocRef) 

{ 

return (malloc (size) ) ; 

} 

void  mshn_free  (void  *mem_ptr,  void  *allocRef) 

{ 

if  (mem_j)tr  !=  NULL)  { 
free  (meni_ptr)  ; 

} 

return; 

} 

void  *  mshn_realloc  (void  *ptr,  uint32  size,  void  *allocRef) 

{ 

return (realloc (ptr,  size) ) ; 

} 

void  *  mshn_calloc  (uint32  num,  uint32  size,  void  *allocRef) 

{ 

return (calloc (num,  size) ) ; 

} 

CSSM_API_iyiEMORY_FUNCS  mem_fx  =  {mshn_malloc, 

mshn_free, 
mshn_realloc , 
mshn_calloc, 

NULL}; 
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//////////////////////////////////////////////////////////////////////// 
//  initialize  the  CSSM 
CSSM_RETUEN  MSHN_CSSM_INIT () 

{ 

CSSM_RETORN  ret; 

CSSM_VERSION  version; 

version.  Major  =  CSSM__MAJOR; 

version. Minor  =  CSSM_MINOR; 

ret  =  CSSM_Init  (Aversion,  &Tnem__fx,  NULL)  ; 

return  (ret)  ; 


IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIUIIIIIIIIIIIIIIIIIII 

II  MSHN  CSP  Initialization  Function 
// 

void  MSHN_CSP_INIT (CSSM_LIST_PTR  pGUIDList, 

CS  SM_MODULE_INFO_PTR  p Inf o , 

CSSM_CSP_HANDLE  &hCSP) 

{ 

hCSP  =  CSSM_INVALID_HANDLE ; 

pGUIDList  =  CSSM_ListModules {CSSM_SERVICE_CSP,  FALSE); 
if  (! pGUIDList) 

{ 

cout  «  "Error  listing  CSP  modules\n"; 

}else{ 

//  using  the  first  module 

pinfo  =  CSSM_GetModuleInfo (& {pGUIDList->Items [0] .GUID) , 

CSSM_SERVICE_CSP , 

CSSM_ALL_SDBSERVICES , 

CSSM  INFO  LEVEL  SUBSERVICE) ; 


if  (iplnfo) 

cout  <<  "Error  getting  CSP  module  info.\n"; 

}else{ 

hCSP  =  CSSM_ModuleAttach(&pGUIDList->Items [0] .GUID, 

&plnf o- >Vers ion , 

S:mem_fx, 

0,  //  sxibservice  id 

CSSM_SERVICE_CSP , 

0. 

0. 

0)  ; 

if  (hCSP==NULL)  { 

show_error ("CSP  CSSM_ModuleAttach" ) ; 

cout  <<  "CSP  Did  not  Initialize  OK  "  <<  endl; 

} 

//  free  module,  info  memory 
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CSSM  FreeModuleInfo (pinf o) ; 


} 

CSSM  FreeList (pGUIDList) ; 


return ; 

} 

iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiniiiiiiiiiiiiiiiiiiiiiiii 

II  MSHN  CL  Initialization  Function 
// 

void  MSHN_CL_INIT(CSSM_LIST_PTR  pGUIDList, 

CSSM_MODULE_INFO_PTR  pinfo, 

CSSM_CL_HANDLE  &hCL) 

{ 

hCL  =  CSSM_INVALID_HANDLE; 

pGUIDList  =  CSSM_ListModules (CSSM_SERVICE_CL,  FALSE) ; 
if  (! pGUIDList) 

{ 

cout  <<  "Error  listing  CL  modules\n" ; 

}else{ 

//  using  the  first  module 

pInfo  =  CSSM_GetModuleInfo(&(pGUIDList->Items[0] -QUID) , 

CSSM_SERVICE_CL , 

CSSM_ALL_SUBSERVICES , 

CSSM  INFO  LEVEL  ALL  ATTR) ; 


if  (Ipinfo) 

cout  «  "Error  getting  CL  module  info\n";' 

}else{ 

hCL  =  CSSM_ModuleAttach(&pGUIDList->Items [0] .GUID, 

&plnf o- >Vers ion , 

&mem_fx, 

0,  //  stibservice  id 

CSSM_SERVICE_CL , 

0, 

0, 

0)  ; 

if  (hCL==NDLL)  { 

show_error ( " CL  CSSM_ModuleAttach" ) ; 

cout  <<  "CL  Did  not  Initialize  OK  "  <<  endl; 

} 

//  free  module  info  memory 
CSSM_FreeModuleInfo (pinfo) ; 

} 

CSSM_FreeList (pGUIDList) ; 

} 

return; 

} 
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//////////////////////////////////////////////////////////////////////// 

//  MSHN  DL  Initialization  Function 

// 

void  MSHN_DL_INIT(CSSM_LIST_PTR  pGUIDList, 

CSSM_MODtJLE_INFO_PTR  pinfo, 

CSSM_DL_HANDLE  &hDL, 

CSSM_DB_HANDLE  &hDS, 
char  *ds_names [] ) 

{ 

hDL  =  CSSM_INVALID_HANDLE; 

pGUIDList  =  CSSM_ListModules  (CSSM_SERVICE_DL,  FALSE); 
if  {! pGUIDList) 

{ 

cout  <<  "Error  listing  DL  modules \n" ; 

}else{ 

//  using  the  first  module 

pinfo  =  CSSM_GetModuleInfo (& (pGUIDList- >Items [0] .GUID) , 

CSSM_SERVICE_DL , 

CSSM_ALL_SUBSERVICES , 

CSSM  INFO  LEVEL_ALL_ATTR) ; 


if  ( Ipinfo) 

{ 

cout  <<  "Error  getting  module  infoAn”; 

}else{ 

hDL  =  CSSM_ModuleAttach(&pGUIDList->Items [0]  .GUID, 

&pInfO‘->Version, 

&mem__fx, 

0,  //  subservice  id 

CSSiyi_SERVICE_DL , 

0, 

0, 

0)  ; 

if  (hDL==NULL)  { 

show__error  { "DL  CSSM_ModuleAttach" )  ; 

cout  <<  "DL  Did  not  Initialize  OK  "  <<  endl; 

}else{ 

//  now  display  the  data  store  names 
char  dbname[80]; 

//We  should  really  have  some  sort  of  loop  to  handle  all  the 
//  passed  in  names,  and  output  all  the  handles 
if  (ds_names[0]  ==  NULL)  { 

cout  <<  endl  <<  "Available  data  store  names"  <<  endl; 
show_datastore_names  {  {CSSM_DLSUBSERVICE_PTR) 

pinfo- >ServiceList->SiibServiceList)  ; 
cout  <<  endl  <<  "enter  one  of  the  above  names  "  <<  endl; 
cin.getline (dbname,  80) ; 

}else{ 
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strcpy (dbname,  ds_names [0] ) ; 

} 

//  Now  try  and  open  the  data  store 
CSSM_DB_ACCESS_TYPE  dbaccess; 
dbaccess.ReadAccess  =  CSSM_TRUE; 
dbaccess. WriteAccess  =  CSSM_TRDE; 
dbaccess. PrivilegedMode  =  CSSM_FALSE; 
dbaccess. Asynchronous  =  CSSM_FALSE; 

CSSM_DB_HA]SIDLE  db_hand  =  CSSM_DL_DbOpen  (hDL, 
dbname,  fidbaccess,  NULL,  NULL) ; 
if  {db_hand  ==  CSSM_INVALID_HANDLE)  { 
show_error ( "DL  CSSM_DL_DbOpen" ) ; 
cout  «  "Failed  to  attach  data  store"  «  endl; 

}else{ 

hDS  =  db_hand; 

} 

} 

//  free  module  info  memory 
CSSM_FreeModuleInfo (pinfo)  ; 

} 

CSSM_FreeList (pGUIDList) ; 

} 

return ; 

} 

//////////////////////////////////////////////////////////////////////// 

/ /  Generates  a  DES  symmetric  key  based  on  the  given  passphrase 

CSSM_KEY_PTR  MSHN_GenerateKey (CSSM_CSP_HANDLE  hCSP, 

uint32  keySizeInBits, 
const  char*  passPhrase) 

CSSM_RETURN  cssmstatus; 

CSSM_CC_HANDLE  hCC  =  NULL; 

CSSM_DATA  cssmPassPhrase; 

//  copy  passphrase  to  get  rid  of  const 

char  *  pLocalPassPhrase  =  NULL; 
pLocalPassPhrase  =  (char*)mem_fx.malloc_fxmc 
(strlen(passPhrase)  +1,NULL) ; 
strcpy  (pLocalPassPhrase , passPhrase) ; 

//  CSSMize  it 

cssmPassPhrase . Length  =  strlen (pLocalPassPhrase) ; 
cssmPassPhrase. Data  =  (unsigned  char*)  pLocalPassPhrase; 

CSSM_CRyPTO_DATA  passPhraseData; 
passPhraseData.CallbackID  =  0; 
passPhraseData. Callback  =  NULL; 
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passPhraseData.Param  =  &cssmPassPhrase; 


hCC 


CSSM  CSP 


CreateDeriveKeyContext (hCSP, 

CS SM_ALGID_MD5_PBE 
CSSM_ALGID_DES , 
keySizeInBits , 

0, 

NULL, 

NULL, 

&passPhraseData) ; 


//  CSP  handle 
,  //  alg  ID 
//  key  type 
//  key  size 
//  iteration  count 
//  salt 
//  seed 
//  passphrase 


if (hCC  ==  NULL) 

^  cout  <<  "Error  creating  key  generation  context”  «  endl; 

CSSM_ModuleDetach  (hCSP)  ; 
return  NULL; 

} 

CSSM_KEY_PTR  pKey  = 

(CSSM  KEY_PTR)inem_fx.malloc_func  (sizeof  (CSSM^KEY)  ,NULL)  ; 

//  setting  these  fields  to  NULL  will  tell  the  CSP  to  allocate  the 

//  memory  for  us 

pKey-  >KeyData .  Data  =  NULL  ; 

pKey- >KeyData . Length  =0; 

cssmstatus  =  CSSM_DeriveKey (hCC,  //  context  handle 

null,  //  base  key 
NULL,  //  params 
CSSM_KEyuSE_ANy,  //  usage 

CSSM  KEyATTR_RETURN_DEFAULT ,  / /  attributes 

null,  //  label 
pKey  ) ;  //  the  key 


CSSM  DeleteContext (hCC) ; 


if (cssmstatus  !=  CSSM_OK) 

^  cout  <<  "Error  creating  CSSM  key"  «  endl; 

return  NULL ; 

} 

return  pKey; 

} 


CSSM  DATA  PTR  MSHN_EncryptData (CSSM_CSP_HANDLE  hCSP, 
~  CSSM_DATA_PTR  pClear, 

CSSM_KEY_PTR  pKey) 

{ 


//  bits  to  encrypt 


CSSM  RETURN  cssmstatus; 
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CSSM_CC_HANDLE  hCC; 

CSSM_DATA  rernData; 
remData . Length  =  0; 
rernData . Data  =  0; 

//  this  is  the  return  value 
CSSM_DATA_PTR  pEncrypted  = 

(CSSM_DATA_PTR)mem_fx.malloc_func  (sizeof  (CSSM__DATA)  ,NULL)  ; 
pEnc2:*ypted->Data  =  NOLL; 
pEncrypted- >Length  =  0; 

hCC  =  CSSM_CSP__CreateSymTnetricContext  (hCSP, 

CSSM_ALGID__DES, 
CSSM_ALGM0DE_CBCPadIV8 , 
pKey, 

NULL,  //no  initial  vector 

CSSiyi_PADDING_PKCS5 , 

0  //  0  rounds 

); 

if  (hCC  ==  0) 

{ 

cout  <<  "Error  creating  decrypt  context”  <<  endl; 
return  NULL; 

} 

CSSiyi_QUERY_SIZE_DATA  queryData; 

queryData.SizeInputBlock  =  pClear->Length; 
queryData. SizeOutputBlock  =  0; 

CSSM_QuerySize (hCC, 

CSSM_TRUE,  //  for  encryption 
1,  //  1  block 

&queryData) ; 

//  allocate  memory  to  hold  the  encrypted  bits 
pEncrypted- >Length  =  queryData . SizeOutputBlock ; 
pEncrypted- >Data  =  (imsigned  char*) 

mem_fx.malloc_func  (queryData.  SizeOutputBlock, NULL)  ; 

unsigned  int  bytesEncrypted; 
cssmstatus  =  CSSM_EncryptData (hCC, 

pClear, 

1, 

pEncrypted, 

1/ 

&bytesEncrypted, 

&remData 

); 
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if (remData.Data  !=  NULL) 

{ 

mem_f X . f ree_f unc ( remData . Data , NULL) ; 

} 

CSSM  DeleteContext (hCC) / 


} 


if  (cssmstatus  i=  CSSM^OK) 

{ 

return  NULL; 

} 

else 

{ 

return  pEncrypted; 

} 


iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiniiiiiiiiiiniiiiiiiiiiiiiiiiiniiiiuii 

CSSM_DATA_PTR  MSHN_DecryptData  (CSSM_CSP_HANDLE  hCSP, 

CSSM_DATA_PTR  pEncrypted,  //  bytes  to  decrypt 

CSSM_KEY_PTR  pKey) 

{ 

CSSM_RETURN  cssmstatus; 

CSSM_CC_HANDLE  hCC; 

CSSM_DATA  remData; 
remData . Length  =  0; 
remData . Data  =  0 ; 


//  this  is  the  return  value 
CSSM_DATA_PTR  p Cl ear  = 

(CSSM_DATA_PTR)mem_fx.malloc_func  (sizeof  (CSSM_DATA)  ,NULL)  ; 
pClear~>Data  =  NULL; 
pClear ~  >Length  =  0 ; 

hCC  =  CSSM_CSP_CreateSymmetricContext  (hCSP, 

CSSM_ALGID_DES, 
CSSM__ALGMODE__CBCPadIV8 , 
pKey, 

NULL,  //no  initial  vector 
CSSM_PADDING_PKCS  5 ,  / /padding 

0  //  0  ro\ands 

)  ; 

if  (hCC  ==  0) 

{ 

cout  <<  "Error  creating  decrypt  context"  <<  endl; 
return  NULL; 

} 

CS  SM_QUERY_S I ZE_DATA  queryData ; 

queryData. SizelnputBlock  =  pEncrypted- >Length; 
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queryData.SizeOutputBlock  =  0; 


CSSM_QuerySize (hCC, 

CSSM_FALSE,  //  not  for  encryption 
1,  //I  block 

&queryData) ; 

//  allocate  memory  to  hold  the  decrypted  bits 
pClear->Length  =  queryData.SizeOutputBlock; 
pClear“>Data  =  (unsigned  char*) 

mem_fx,malloc_func  (queryData.SizeOutputBlock, NULL)  ; 

if (pClear->Data  ==  NULL) 

{ 

cout  <<  "Throw  Memory  Exception"  <<  endl; 

} 

unsigned  int  bytesDecrypted; 

cssmstatus  =  CSSM_DecryptData (hCC, 

pEncrypted, 

1/ 

pClear, 

1/ 

&bytesDecrypted, 

ScremData)  ; 


if (remData.Data  1=  NULL) 

{ 

mem_fx.  free_func  (remData.Data, NULL)  ; 

} 


} 


CSSM_DeleteContext (hCC) ; 

if  (cssmstatus  I-  CSSM^OK) 

{ 

cout  <<  "Error  decrypting  data”  <<  endl; 
return  NULL; 

} 

else 

{ 

return  pClear ; 

} 


//////////////////////////////////////////////////////////////////////// 

CSSM_RETURN  MSHN_GenerateKeyPair  (CSSM_CSP_HANDLE  hCSP, 

CSSM_KEY_PTR  publicKey, 

CSSM_KEY_PTR  privateKey, 
char  *  ppassphrase) 

{ 
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CSSM_RETURN  result  =  CSSM_OK; 

CSSM__CC_HANDLE  keyGenContext  =  NULL; 

seed; 
seedData; 
password; 
password__data  ; 

int  passphraseLength  =  0; 
passphraseLength  =  strlen(ppassphrase) ; 

cout  <<  "pass  phrase  length:  ”  <<  passphraseLength  «  endl; 

//  find  length  of  pass  phrase 

//  Create  KPG  context.  Use  password  as  the  key  generation  seed 
seedData. Length  =  passphraseLength;  //  default  passphrase  length 
seedData. Data  -  (unsigned  char*) 

mein_fx.Tnalloc_func  (seedData, Length, NULL)  ; 
meTncpy( seedData. Data, ppassphrase,  seedData. Length)  ; 

seed.Param  =  &seedData; 
seed. Callback  =  NULL; 

//  Initialize  the  password  information 
password_data.Length  =  passphraseLength; 
password_data.Data  =  (unsigned  char*) 

mem_f X . malloc__f xinc  (password_data .  Length,  NULL)  ; 
memcpy  (password_data . Data ,  ppassphrase , password__data .  Length)  ; 

password.  Par  am  =  &:password_data;‘ 
pas  sword .  Cal  Iback  =  NULL  ; 

cout  <<  "passphrase  :  ”; 

for  (int  t  =  0;  t  <  passphraseLength;  t++)  { 

cout  <<  password__data.Data  [t]  ; 

} 

cout  <<  <<  endl; 

keyGenContext  =  CSSM_CSP_CreateKeyGenContext (hCSP, 


CSSM_ALGID_DSA, 

// 

alg  ID 

&pas sword. 

// 

password 

512, 

// 

key  size  in  bits 

&:seed. 

// 

seed 

NULL, 

// 

salt 

NULL, 

// 

start  date 

NULL, 

// 

end  date 

NULL)  ; 

// 

optional  params 

CS  SM_CRYPTO_DATA 
CSSM_DATA 
CS  SM_CRYPTO_DATA 
CSSM  DATA 


if  { !  keyGenContext ) 
{ 


cout  <<  "Failed  to  create  a  key  generation,  context"  «  endl; 


return  CSSM_FAIL; 

} 

//  tell  CSSM  to  allocate  memory  for  key 
publicKey->KeyData. Length  =  0; 
publicKey- >KeyData .Data  =  NULL; 

privateKey- >KeyData . Length  =0; 
privateKey- >KeyData . Data  =  NULL; 

result  =  CSSM_GenerateKeyPair (keyGenContext, 

CSSM_KEYUSE_ANY,  //  usage 

CSSM_KEyATTR_RETURN_DEFAULT,  //  attributes 

NULL,  //  label 

publicKey, 

CSSM_KEyUSE_ANY,  //  usage 

CSSM_KEYATTR_RETURN_DEFAULT,  //  attributes 
NULL,  //  label 
privateKey) ; 

CSSM_DeleteContext (keyGenContext) ; 

if (result  !=  CSSM_OK) 

{ 

cout  <<  "Failed  to  generate  key"  <<  endl; 

} 

cout  <<  "piiblic  key  :  "  <<  publicKey- >KeyData. Data  <<  endl; 
return  result; 

} 

//////////////////////////////////////////////////////////////////////// 

CSSM__DATA_PTR  MSHN_SignData  (CSSM__CSP_HANDLE  hCSP, 

CSSM_DATA_PTR  pClear,  //  bits  to  sign 
CSSM_KEY_PTR  pKey, 
char  *  password) 

{ 

//  create  signature  context 
CSSM_RETURN  cssmstatus; 

CSSM_CC_HANDLE  hSigContext; 

//  this  is  the  return  value 

CSSM_DATA__PTR  pSigned  =  (CSSM_DATA_PTR) mem_fx.malloc_func 
(sizeof(CSSM_DATA),NULL); 
pSigned->Data  =  NULL; 
pSigned->Length  =  0; 

CSSM_CRYPTO_DATA  cspData; 

CSSM_DATA  paramData ; 

//  Set  up  the  crypto  data 
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cspData. Callback  =  NULL; 

//  The  "cspData"  is  the  password  for  the  signer's  private  key 
cout  <<  "  password  length  "  <<  strlen (password)  «  endl; 

if  (strlen (password) ) 

{ 

paramData . Length  =  strlen(password); 
paramData . Data  =  (uintS*) 

TneTn__fx.malloc_func  (paramData. Length, NULL)  ; 
memcpy (paramData. Data,  password,  paramData . Length) ; 

}  else  { 

paramData . Length  =  0; 
paramData . Data  =  NULL; 

} 

cspData. Param  =  ^paramData ; 

cout  <<  "sig  context  password  length:  "  «  paramData . Length  <<  endl; 

hSigContext  =  CSSM_CSP_CreateSignatureContext (hCSP, 
CSSM_ALGID_SHAlWithDSA, 

&cspData, 
pKey) ; 

CSSM_ERROR_PTR  pError  =  CSSM_GetError ( ) ; 

cout  <<  "  error  creating  signing  context  code  "  <<  pError->error 
<  <  endl ; 

cout  <<  "  sig  context:  "  <<  hSigContext  <<  endl; 

if  (hSigContext  ==  0) 

{ 

cout  <<  "Error  creating  signature  context”  <<  endl; 
return  NULL; 

} 

CSSM_QUERy_SIZE_DATA  queryData; 

queryData.SizeInputBlock  =  pClear->Length; 
queryData . SizeOutputB lock  =  0; 

CSSM_QuerySize (hSigContext, 

CSSM_TRUE,  //  for  encryption 
1,  //  1  block 

&queryData) ; 

pError  =  CSSM_GetError () ; 

cout  <<  ”  error  querying  signing  data  code  "  <<  pError- >error 
<<  endl; 
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//  allocate  memory  to  hold  the  encrypted  bits 
pSigned->Length  =  queryData.SizeOutputBlock; 
pSigned->Data  =  (unsigned  char*) 

mem_f X . malloc__func  (queryData .  SizeOutputBlock, NULL)  ; 

cssmstatus  =  CSSM__SignData  (hSigContext, 

pClear, 

1/ 

pSigned) ; 


pError  =  CSSM_GetError { ) ; 

cout  <<  ”  error  signing  data  code  "  <<  pError->error  <<  endl; 


CSSM  DeleteContext  (hSigContext)  ; 


} 


if  (cssmstatus  !=  CSSM_OK) 

{ 

cout  <<  "Signature  failed" 
return  NULL; 

}  ■ 


else 

{ 

} 


return  pSigned; 


<<  endl; 


//////////////////////////////////////////////////////////////////////// 

CSSM_BOOL  MSHN_VerifyData(CSSM_CSP_HMIDLE  hCSP, 

CSSM_DATA_PTR  pSigned,  //  bits  to  verify 
CSSM_DATA_PTR  pClear, 

CSSM_KEy_PTR  pKey) 

{ 


//  create  signature  verification  context 
CSSM_BOOL  cssmstatus; 

CSSM_CC_HANDLE  hVerif Context ; 

hVerif  Context  =  CSSM_CSP_CreateSignatureContext  (hCSP, 

CSSM_ALGID_SHAlWithDSA, 

NULL,  //  pass  phrase  not  needed 
pKey)  ; 

CSSM_ERROR_PTR  pError  =  CSSM_GetError ( )  ; 

cout  <<  "  error  creating  signing  context  code  ”  <<  pError- >error 
<<  endl; 

cout  <<  ”  verif  context:  ”  <<  hVerif  Context  <<  endl; 
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if  (hVerif Context  ==  0) 

cout  <<  "Error  creating  signature  context"  <<  endl; 
return  NOLL; 

} 


cssmstatus  =  CSSM_VerifyData (hVerif Context, 

pClear, 

1, 

pSigned)  ; 


pError  =  CSSM_GetError ( ) ; 

cout  «  "  error  verifying  data  code  "  «  pError->error  «  endl; 


CSSM  DeleteContext (hVerif Context) ; 


if  (cssmstatus  !=  CSSM_TRUE) 

{ 

cout  <<  "Verification  failed"  <<  endl; 
return (CSSM_FALSE) ; 

} 

else 

cout  <<  "\nSignature  matches  public  key"  <<  endl; 
return (CSSM_TRUE) ; 

} 


llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll 

CSSM_DATA_PTR  MSHN_DigestData  (CSSM_CC__HANDLE  hCSP, 


{ 


CSSM_DATA_PTR  pClear) 


CSSM_RETIIRN  cssmstatus; 

CSSM_CC_HANDLE  hdigestContext ; 

//  this  is  the  return  value 

CSSM  DATA_PTR  pdigest  =  (CSSM_DATA_PTR) mem_fx.malloc_func 
(sizeof (CSSM_DATA) ,NULL) ; 
pdigest ->Data  =  NULL; 
pdigest- >Length  =  0; 

hdigestContext  =  CSSM_CSP_CreateDigestContext (hCSP,  CSSM_ALGID_MD5)  ; 
if  (hdigestContext  ==  0) 

cout  <<  "Error  creating  digest  context"  <<  endl; 
return  NULL; 

} 


cssmstatus  =  CSSM_DigestData (hdigestContext, pClear, 1, pdigest); 
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CSSM__DeleteContext  (hdigest Context)  ; 

if  (cssmstatus  1=  CSSM__OK) 

{ 

cout  <<  "Digest  creation  failed"  <<  endl; 
return  NULL; 

} 

else 

{ 

return  pdigest; 

} 


//////////////////////////////////////////////////////////////////////// 

CSSM_KEY_PTR  MSHN_GenerateDESKey  (CSSM_CSP_HANDLE  hCSP, 

uint32  keySizeInBits) 

{ 

CSSM_RETURN  cssmstatus; 

CSSM_CC_HANDLE  hCC  =  NULL; 

hCC  =  CSSM_CSP_CreateKeyGenContext  (hCSP,  //  CSP  handle 

CSSM__ALGID_DES,  //  alg  ID 

NULL/  //  pass  phrase  not  req  for  DES 

keySizeInBits,  //  key  size 

NULL,  //  seed 

NULL,  //  salt 

NULL,  //  start  date 

NULL,  //  end  date 

NULL) ;  //  params 

if(hCC  ==  NULL) 

{ 

cout  <<  "Error  creating  key  generation  context"  <<  endl; 
return  NULL; 

} 

CSSM_KEY_PTR  pKey  = 

(CSSM_KEY_PTR)mem_fx.malloc_func  (sizeof  (CSSM^KEY)  ,NULL)  ; 

//  setting  these  fields  to  NULL  will  tell  the  CSP  to  allocate  the 

//  memory  for  us 

pKey- >KeyData . Data  =  NULL ; 

pKey- >KeyData . Length  =  0; 

cssmstatus  =  CSSM_GenerateKey (hCC,  //  context  handle 

CSSM__KEYUSE_ANy,  //  usage 

CSSM_KEYATTR__RETURN_DEFAULT,  //  attributes 
NULL,  //  label 
pKey) ;  //  the  key 
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CSSM_DeleteContext (hCC) ; 

if (cssmstatus  1=  CSSM_OK) 

{ 

cout  <<  "Error  creating  CSSM  key"  <<  endl; 
return  NULL; 

} 

return  pKey; 

} 

//////////////////////////////////////////////////////////////////////// 

CSSM_WRAP_KEY_PTR  MSHN_WrapKey (CSSM_CSP_HAMDLE  hCSP, 

CSSM_KEY_PTR  psymmetricKey, 

CSSM_KEY_PTR  praasterKey) 


{ 

CSSM_RETURN  cssmstatus; 

CSSM_CC_HANDLE  hCC  =  NULL; 

hCC  =  CSSM_CSP_CreateSymmetricContext (hCSP,  //  CSP  handle 

CSSM_ALGID_DES,  //  alg  ID 
CSSM_ALGMODE_CBCPadIV8 , 
pmasterKey, 

NULL,  //no  initial  vector 

CSSM_PADDING_PKCS  5 ,  / /padding 

0  /  /  0  roimds 

)  ; 

if{hCC  ==  NULL) 

{ 

cout  <<  "Error  creating  symmetric  context"  <<  endl; 
return  NULL; 

} 

CSSM_WRAP_KEY_PTR  pKey  = 

(CSSM_KEY_PTR)mem_fx.inalloc_func  (sizeof  {CSSM_KEY)  ,NULL)  ; 

//  setting  these  fields  to  NULL  will  tell  the  CSP  to  allocate  the 

//  memory  for  us 

pKey- >KeyData . Data  =  NULL; 

pKey- >KeyData . Length  =  0 ; 

cssmstatus  =  CSSM_WrapKey (hCC,  //  context  handle 

NULL,  //  passphrase 

psymmetricKey,  //  wrapped  key 

pKey)  ;  //  vinwrapped  key 


CSSM_DeleteContext (hCC) ; 

if (cssmstatus  !=  CSSM_OK) 

{ 

cout  <<  "Error  wrapping  key"  <<  endl; 
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return  NULL; 


} 

return  pKey; 

} 

//////////////////////////////////////////////////////////////////////// 

CSSM_KEY_PTR  MSHN_UnwrapKey (CSSM_CSP_HANDLE  hCSP, 

CSSM_WRAP_KEY_PTR  psymmetricKey, 

CSSM_KEY_PTR  pmasterKey) 


{ 

CSSM_RETORN  cssmstatus ; 

CSSM_CC_HANDLE  hCC  =  NULL; 

hCC  =  CSSM_CSP_CreateSytnmetricContext (hCSP,  //  CSP  handle 

CSSM_ALGID_DES,  //  alg  ID 
CSSM_ALGM0DE_CBCPadIV8 , 
pmasterKey, 

NULL,  //  no  initial  vector 
CSSM_PADDING_PKCS5 ,  //padding 

0  //  0  roimds 

)  ; 

if(hCC  ==  NULL) 

{ 

cout.  <<  "Error  creating  symmetric  context"  «  endl; 
return  NULL; 

} 

CSSM_KEY_PTR  pKey  = 

{CSSM_KEY_PTR)mem_fx.malloc_func (sizeof (CSSM_KEY)  ,NDLL)  ; 

//  setting  these  fields  to  NULL  will  tell  the  CSP  to  allocate  the 

//  memory  for  us 

pKey- >KeyData . Data  =  NULL; 

pKey- >KeyData . Length  =  0; 

cssmstatus  =  CSSM_UnwrapKey (hCC,  //  context  handle 

NULL,  //  passphrase 

psymmetricKey,  //  wrapped  key 

CSSM_KEYATTR_RETDRN_DEFAULT,  //  key  attributes 
NULL,  //  key  label 

pKey)  ;  /  /  vinwrapped  key 

CSSM_DeleteContext (hCC) ; 

if (cssmstatus  !=  CSSM_OK) 

{ 

cout  <<  "Error  unwrapping  key"  <<  endl; 
return  NULL; 

} 

return  pKey; 

} 
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L.  SHOWUTIL.H 

//  Written  by  David  Shifflett 

// 

#include  <iostream.h> 

#include  <stdlib.h> 

#include  <cssm.h> 

#include  <oidscert.h> 

#include  <oidsalg.h> 

#ifndef  _showutil_h 
#define  _showutil_h 

void  *  certmgr_malloc  (uint32  size,  void  *allocRef) ; 

void  certmgr_free  (void  *mem_ptr,  void  *allocRef ) ; 

void  *  certmgr_realloc  (void  *ptr,  uint32  size,  void  *allocRef) ; 

void  *  certmgr_calloc  (uint32  nutn,  uint32  size,  void  *allocRef) ; 

void  f  ix_key_size  (CSSM_KEy_PTR  ppiiblicKey) 

CSSM  BOOL  match_field(CSSM_DATA_PTR  pstring,  const  char*  toMatch, 

“  const  char*  delimiter,  int  field_j>os) ; 

char**  Split (int*  numStrings,  const  char*  toSplit,  const  char* 
delimiter) ; 

void  show  error  (char  *err _ label) ; 

void  show_pointer  (uintS  *in_data,  int  length,  char  *label) ; 

void  show_data  (const  CSSM_DATA  in_data,  char  *label) ; 

void  show_data_char  (const  CSSM_DATA  in_data,  char  *label) ; 

void  show_data_ptr  (const  CSSM_DATA_PTR  in_ptr,  char  *label,  uint32 

num_datas ) ; 

void  show_data_char_ptr  (const  CSSM_DATA_PTR  in_ptr,  char  *label,  uint32 

num__datas )  ; 

CSSM  BOOL  isequaloid  (CSSM_OID  oidl,  CSSM__OID  oid2)  , 

CSSM_BOOL  translate_oid  (CSSM_OID  in_oid,  char  *label) ; 
void  show_oid  (CSSM_OID  in_oid,  char  *label) ; 

void  show_oid_ptr  (CSSM_OID_PTR  in_j)tr,  char  *label,  uint32  num_oids) ; 
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CSSM_DATA_PTR  get_cert___f  ield  (CSSM_DATA_PTR  certdata,  CSSM_CL__HANDLE 

clhand,  CSSM__OID  oid)  ; 

void  show_cert_f ield (CSSM_DATA_PTR  certdata,  CSSM_CL_HANDLE  clhand, 

char  *label,  CSSM_OID  oid,  CSSM_BOOL  translate) ; 

void  show_cert__fields  (CSSM_DATA_PTR  certdata,  CSSM_CL_HANDLE  clhand); 

void  show__ds_cert_siibj  (CSSM_DL__DB__HANDLE  dbhand,  CSSM_MODULE_HANDLE 

clhand) ; 

void  show_ds__certs  (CSSM_DL_DB_HANDLE  dbhand,  CSSM_MODULE_HANDLE 

clhand)  ; 

CSSM_DATA_PTR  get_siib j ect_cert  (CSSM_DL_DB_HANDLE  dbhand, 

CSSM_MODULE_HANDLE  clhand, 
char  *siibjectname)  ; 

void  show__date  (CSSM_DATE_PTR  in_j>tr,  char  *label)  ; 

void  show_key  (CSSiyi_KEY_PTR  in_ptr,  char  *label)  ; 

void  show_f ieldjptr  (CSSM_FIELD_PTR  in_j)tr,  char  *label,  uint32 

num__f  ields)  ; 

void  show_cl_services  (void  *  in_j>tr,  uint32  num_siibsvc)  ; 
void  show_datastore_names  (CSSM_DLSUBSERVICE_PTR  sub__ptr)  ; 
void  show_dl_services  (void  *  in_ptr,  uint32  num_subsvc)  ; 
void  show_hard_csp  (CSSM__HARDWARE_CSPSUBSERVICE_INFO  siabsvc)  ; 
void  show_soft_Csp  (CSSM_SOFTWARE__CSPSUBSERVICE_INFO  snbsvc)  ; 
void  show_csp_services  (void  *  in_ptr,  uint32  num_subsvc)  ; 
void  show_tp_services  (void  *  in_j)tr,  uint32  num^snbsvc)  ; 
void  show_services  (CSSM_SERVICE_INFO_PTR  svc_ptr)  ; 
void  show_mod  (CSSM__MODULE_INFO_PTR  Tnod_ptr)  ; 

void  show__list  (CSSM__LIST_PTR  csp_list,  CSSM_SERVI CEPHAS K  svcmask, 
CSSiyi_INFO_LEVEL  info_lvl)  ; 

void  show_cssm_inf  o  ( )  ; 

void  show_all_modules 0 / 

#endif  //  _showutil__h 
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M.  SHOWUTIL.CPP 

//  Written  by  David  Shifflett 
#include  <iostream.h> 

#include  <stdlib.h> 

#include  <cssm.h> 

#include  <oidscert.h> 

#include  <oidsalg.h> 

#include  <x5 09def s . h> 

#include  " showut il .  h" 

#include  ”mshn_mem . h" 

#ifdef  DEBUG_MSHN_KEY 
char  debug_in [80]  ; 

#endif 


void  fix_key_size  (CSSM_KEY_PTR  ppublicKey) 

{ 

switch  (pp\iblicKey->KeyHeader,EffectiveKeySizeInBits) 

{ 

case  584 : 
case  528 : 
case  536 : 

ppublicKey- >KeyHeader . Ef f ectiveKeySizeInBits  = 
break ; 


case  840: 
case  784: 

ppublicKey- >KeyHeader . Eff ectiveKeySizeInBits  = 
break; 


512; 


768; 


case  1112: 
case  1048: 
case  1032: 

ppublicKey- >KeyHeader . Eff ectiveKeySizeInBits  =  1024 ; 

break; 

} 

#ifdef  DEBUG_MSHN_KEY 

show_key (ppublicKey,  "Fix  Key  After"); 

cout  <<  endl  <<  "Press  enter  ";  cin.getline (debug_in,  80); 
#endif 


} 


CSSM_BOOL  match_field (CSSM_DATA_PTR  pstring, 

const  char*  delimiter, 

{ 

CSSM  BOOL  retval  =  CSSM_FALSE; 


const  char*  toMatch, 
int  field_pos) 
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char**  stringArray  =  NULL; 
int  numStrings  =  0; 


if  (pstring  &&  (pstring->Data)  &&  (pstring->Length  >0)  && 
(pstring->Data [pstring->Length-l]  ==  0)) 

{ 

StringArray  =  Split  (&numSt rings,  (char*) pstring- >Data, 
delimiter) ; 

if  (numStrings  >=  field_pos+l) 

{ 

char  *target  =  stringArray  [field_j)os]  ; 
if  (strcmp (target ,  toMatch)  ==  0) { 
retval  =  CSSM_TRUE; 

} 

} 

//  Clean  up 
if  (numStrings) 

{ 

for  (int  j=0;  j<numStrings;  j++) 

mshn_free (stringArray [j] ,NULL) ; 
mshn_free (stringArray, NULL) ; 

} 

} 

return  retval; 

} 

char**  Split (int*  numStrings,  const  char*  toSplit, 
const  char*  delimiter) 

{ 

char**  toRetum  =  NULL; 
char*  pCurrent  =  (char  *)toSplit; 
char*  pNext  =  NULL; 
int  count  =  0; 

if  (ItoSplit  II  InumStrings  ||  Idelimiter)  return  NULL; 

//  First,  we  have  to  get  find  the  number  of  items 
*numStrings  =  1; 
while  (pCurrent ) 

{ 

pNext  =  strstr (pCurrent,  delimiter); 
if  (pNext)  { 

(*numSt rings) ++; 

pCurrent  =  pNext  +  strlen (delimiter) ; 

}  else  { 

pCurrent  =  NULL; 

} 

} 
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//  Now,  allocate  the  array  of  strings  to  return 

toReturn  =  (char**) mshn_malloc  (sizeof  (char*)  *  *numSt rings, NULL) 
if  (! toReturn)  return  NULL; 

//  Now  fill  in  each  string 
count  -  0; 

pCurrent  =  (char  *)toSplit; 
pNext  =  NULL; 

while  (count  <  *numStrings) 

{ 

pNext  =  strstr (pCurrent,  delimiter); 
if  (pNext)  { 

toReturn [coimt]  =  (char*) mshn_malloc(sizeof (char)  * 

( (pNext  -  pCurrent)  +  1) ,NULL) ; 
memcpy  ( toReturn  [  coaint  ]  ,  pCurrent ,  (pNext  -  pCurrent ) )  ; 
toRetum[co\int]  [pNext-pCurrent]  =  '\0'; 

}  else  { 

toReturn [count]  =  (char*) mshn_malloc (sizeof (char)  * 
(strlen (pCurrent)  +  1) ,NULL) ; 
strcpy (toReturn [count] ,  pCurrent); 

} 

//  Skip  past  the  delimiter 

pCurrent  =  pNext  +  strlen (delimiter) ; 

coiHit++; 

} 

return  toReturn; 

} 

void  show_error  (char  *err_label) 

{ 

CSSM_ERROR_PTR  the_error  =  CSSiyi_GetError  ( )  ; 

if  (  (the__error  !=  NULL)  &&  (the_error->error  !=  CSSM_OK) )  { 

char  *err_out  =  (( (er relabel  !=  NULL)  && 

(strlen (err_label)  >0))  ?  err__label:  "”); 
cout  <<  "Error  number  is  ("  <<  the_error->error 
<<  ")  "  <<  err_out  <<  endl; 

} 

} 

void  show_pointer  (uintS  *in_data,  int  length,  char  *label) 

{ 

if  (in_data  !=  NULL)  { 

cout  <<  label  <<  "  DATA  is  ("  «  length  <<  ") "  <<  endl; 
int  line_cntr  =  0; 

for  (int  idx=:0;  ( (idx< length)  &&  (line_cntr<5)  )  ;  idx++)  { 

cout  <<  "  "  <<  (int) in_data [idx] ; 
if  ((idx>0)  &&  ((idx  %  19)  ==  0) )  { 
cout  <<  endl; 
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line_cntr++; 

} 

} 

cout  «  endl; 

} 

} 

void  show_data  (const  CSSM_DATA  in_data,  char  *label) 

{ 

if  {in_data.Data  i =  NULL)  { 

cout  <<  label  <<  "  DATA  is  {"  <<  in_data . Length  <<  <<  endl; 

int  line_cntr  =  0; 

for.  (int  idx=0;  ( (idx<in_dat a. Length)  &&  {line_cntr<5) )  ;  idx++)  { 
cout  <<  ”  ”  <<  (int)  in__data.Data  [idx]  ; 

if  ((idx>0)  &&  ((idx  %  19)  ==  0) )  { 
cout  <<  endl; 
line_cntr++; 

} 

} 

cout  <<  endl; 

} 

} 

void  show_data_char  (const  CSSM_DATA  in_data,  char  *label) 

{ 

if  (in__data.Data  !  =  NULL)  { 

cout  <<  label  <<  "  DATA  is  ("  «  in_dat a . Length  <<  ")"  «  endl; 
for  (int  idx=0;  idx<in_dat a. Length;  idx++)  { 
cout  <  <  ( char ) in_data . Data [ idx]  ; 

} 

cout  <<  endl; 

} 

} 

void  show_data_ptr  (const  CSSMJDATA_PTR  in_ptr,  char  *label, 

uint32  num_datas) 

{ 

cout  <<  "Number  of  "  <<  label  <<  "  DATA  "  «  num_datas  «  endl; 
if  ( (num_datas  >0)  &&  (in_ptr  !=  NULL))  { 
for  (int  jdx=0;  j dx<num_datas ;  jdx++)  { 
show_data (in_ptr  [  jdx] ,  label); 

} 

} 

} 

void  show_data_char_j)tr  (const  CSSM_DATA_PTR  in__ptr,  char  *  label, 

uint32  num  datas) 
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cout  <<  "Number  of  "  <<  label  <<  "  DATA  "  <<  num_datas  <<  endl 
if  ( (num_datas  >  0)  &&  {in_ptr  !=  NULL))  { 
for  (int  jdx=0;  jdx<num_datas;  jdx++)  { 

show_data_char (in_ptr [jdx] ,  label) ; 

} 

} 

} 

CSSM_BOOL  isequaloid  {CSSM_0ID  oidl,  CSSM_OID  oid2) 

{ 

CSSM_BOOL  result  =  CSSM_FALSE; 

if  (oidl. Length  ==  oid2. Length)  { 

if  {memcmp( oidl. Data,  oid2.Data,  oidl. Length) 
result  =  CSSM_TRUE; 

} 

} 

return  result; 

} 

CSSM_B00L  translate_oid  (CSSM_OID  in_oid,  char  *label) 

{ 

CSSM_BOOL  result  ^  CSSM_FALSE; 
if  (in_oid.Data  !=  NULL)  { 
result  =  CSSM_TRUE; 
char  *the_type; 
if  (isequaloid (in_oid, 

CSSMOID_X509V3SignedCertificate)  ==  CSSM_TRUE)  { 
the_type  =  "CSSMOID_X509V3SignedCertif icate" ; 

}else  if  (isequaloid (in_oid, 

CSSMOID_X509V3Certificate)  ==  CSSM_TRUE)  { 

the_type  =  "CSSMOID_X509V3Certif icate" ; 

}else  if  (isequaloid (in_oid, 

CSSM0ID_X509VlVersion)  ==  CSSM_TRUE)  { 

the_type  =  "CSSMOID_X509VlVersion" ; 

}else  if  (isequaloid (in_oid, 

CSSMOID_X509VlSerialNutnber)  ==  CSSM_TRUE)  { 

the_type  =  "CSSiyiOID_X509VlSerialNumber"  ; 
}else  if  (isequaloid (in_oid, 

CSSMOID_X509VlIssuerName)  ==  CSSM_TRUE)  { 

the_tYpe  =  "CSSMOID_X509VlIssuerName"  ; 

}else  if  (isequaloid (in_oid, 

CSSM0ID_X509VlValidityNotBefore)  ==  CSSM_TRUE)  { 

the_type  =  "CSSM0ID_X509VlValidityNotBefore" 
}else  if  (isequaloid (in_oid, 

CSSMOID_X509VlValidityNotAf  ter)  ==  CSSM_TRUE)  { 

the_type  =  "CSSM0ID_X509VlValidityNotAfter"  ; 
}else  if  (isequaloid (in_oid, 

CSSMOID_X509VlSubjectName)  ==  CSSM_TRUE)  { 
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the_type  =  "CSSMOID_X509VlSubjectName" ; 

}else  if  (isequaloid(in_oid, 

CSSMOID_CSSMKeyStruct)  ==  CSSM_TRUE)  { 

the_type  =  "CSSMOID_CSSMKeyStruct" ; 

}else  if  (isequaloid(in_oid, 

CSSM0ID_X5  0  SVlSvib  j  ectPiiblicKeyAlgorithm) 

==  CSSM_TRUE)  { 

the_type  =  "CSSMOID_X509VlSvibjectPviblicKeyAlgorithra"  ; 
}else  if  {isequaloid(in_oid, 

CSSM0ID_X5  09VlSvib  j  ectPiiblicKeyAlgorithmParameters ) 

==  CSSM_TRUE)  { 
the_type  = 

"  CSSM0ID_X5  0  9VlSub  j  ectPiiblicKeyAlgorithinParameters  "  ; 
}else  if  (isequaloid(in_oid, 

CSSMOID_X509VlSubjectPiiblicKey)  ==  CSSM_TRtJE)  { 
the_type  =  "CSSMOID_X509VlS^lbjectP^lblicKey'' ; 

}else  if  (isequaloid(in_oid, 

CSSMOID_X509VlCertificateIssuerUniqueId) 

==  CSSM_TRUE)  { 

the_type  =  "CSSMOID_X509VlCertif  icatelssuerUniqueld" ; 
}else  if  (isequaloid(in_oid, 

CSSMOID_X509VlCertificateSiibjectUniqueId) 

==  CSSM_TRUE)  { 

the_type  =  "CSSMOID_X509VlCertif  icateSiibjectUniqueld" 
}else  if  {isequaloid(in_oid, 

CSSM0ID_X5  0  9 V3  Cert if i cat eExt ens ionS t rue t ) 

==  CSSM_TRUE)  { 

the_type  =  "CSSMOID_X509V3CertificateExtensionStruct" 
}else  if  (isequaloid(in_oid, 

CSSMOID_X509V3CertificateNumberOf Extensions) 

==  CSSM_TRUE)  { 
the_type  = 

"CSSM0ID_X509V3CertificateNumberOfExtensions"; 

}else  if  {isequaloid(in_oid, 

CSSMOID_X509V3CertificateExtensionId)  ==  CSSM_TRUE)  { 
the_type  =  "CSSMOID_X509V3CertificateExtensionId"  ; 
}else  if  (isequaloid(in_oid, 

CSSM0ID_X509V3CertificateExtensionCritical) 

==  CSSM_TRUE)  { 
the_type  = 

"CSSMOID_X509V3Certif icateExtensionCritical" ; 

}else  if  (isequaloid(in_oid, 

CSSM0ID_X5 0 9V3Certif icateExtensionType) 

==  CSSM_TRUE)  { 

the_type  =  "CSSMOID_X509V3Certif icateExtensionType" ; 
}else  if  (isequaloid(in_oid, 

CSSM0ID_X5  0  9V3  Cert if icateExtens ionValue ) 

==  CSSM_TRUE)  { 

the_tYpe  =  "CSSM0ID_X509V3CertificateExtensionValue"  ; 
}else  if  (isequaloid(in_oid, 

CSSMOID_X509VlSignatureStruct)  ==  CSSM_TRUE)  { 
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the_type  =  "CSSMOID_X509VlSignatureStruct" ; 

}else  if  (isequaloid(in_oid, 

CSSMOID_X509VlSignatureAlgorithm)  ==  CSSM_TRUE)  { 
the_tYpe  =  ''CSSMOID_X509VlSignatureAlgorithni"  ; 
}else  if  (isequaloid(in_oid, 

CSSMOID_X509VlSignatureAlgorithmParameters) 

==  CSSM_TRUE)  { 
the_type  = 

" CS  SMOID_X5  0  9V1S ignatureAlgori thmParameters " ; 

}else  if  (isequaloid{in_oid, 

CSSMOID_X509VlSignature)  ==  CSSM_TRUE)  { 
the_type  =  "CSSMOID_X509VlSignature" ; 

}else{ 

result  =  CSSM_FMiSE; 
if  (result  ==  CSSM_TRUE)  { 

cout  «  label  «  "  OID  is  «  the_type  «  " «  endl; 

} 

} 

return  result; 

} 

void  show_oid  (CSSM_OID  in_oid,  char  *label) 

{ 

if  (in_oid.Data  !=  NULL)  { 

cout  <<  label  <<  "  OID  is  ("  «  in_oid . Length  «  ")  chars"; 
for  (int  idx=0;  idx<in_oid. Length;  idx++)  { 
cout  «  "  "  <<  (int) in_oid. Data [idx] ; 

} 

cout  <<  endl; 

} 

} 


void  show_oid_jptr  (CSSM_OID_PTR  injptr,  char  *label,  uint32  num_oids) 

^  cout  «  "Number  of  "  «  label  «  "  OIDs  "  «  num_oids  «  endl; 

if  ( (num_oids  >0)  &&  (in_ptr  !=  NULL))  { 

for  (int  jdx=0;  j dx<num_oids ;  jdx++)  { 

if  (translate_oid(in_ptr [jdx] ,  label)  !=  CSSM_TRUE)  { 
show_oid (in_ptr [jdx] ,  label); 

} 

} 

} 

} 


CSSM_DATA_PTR  get_cert_f ield (CSSM_DATA_PTR  certdata, 

clhand,  CSSM_OID  oid) 


{ 


CSSM  CL  HANDLE 
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CSSM_HMIDLE  ResultsHandle  =  NULL; 
uint32  numFields  =  0; 

CSSM_DATA_PTR  pData  =  NULL; 

if{clhand  ==  CSSM_INVALID_HANDLE) 

{ 

cout  <<  "Invalid  CL  handle"  <<  endl; 

}else  if  ( 1 certdata) 

{ 

cout  <<  "No  certificate  data"  <<  endl; 

}else{ 

CSSM_ClearError ( )  ; 

pData  =  CSSM__CL_CertGetFirstFieldValue  (clhand, 

certdata,  &oid,  &ResultsHandle,  &numFields)  ; 

if  (1 pData) 

{ 

show_error  { "CSSM_CL_CertGetFirstFieldValue'' )  ; 
cout  <<  "No  field  found  for  OID"  <<  endl; 
show_oid (oid,  "cert  field"); 

} 

} 

return  pData; 

} 

void  show_cert_field{CSSM_DATA_PTR  certdata,  CSSM_CL_HANDLE  clhand, 

char  *label,  CSSM_OID  oid,  CSSM_B00L  translate) 

{ 

CSSM_HANDLE  ResultsHandle  =  NULL; 
uint32  n\imFields  =  0; 

CSSM_DATA_PTR  pData  =  NULL; 

if (clhand  ==  CSSM_INVALID_HANDLE) 

{ 

cout  <<  "Invalid  CL  handle"  <<  endl; 

}else  if  (I certdata) 

{ 

cout  <<  "No  certificate  data"  <<  endl; 

}else{ 

CSSM_ClearError ( )  ; 

pData  =  CSSM_CL_CertGetFirstFieldValue (clhand, 

certdata,  &oid,  ^ResultsHandle ,  fenumFields) ; 

if  (1 pData) 

{ 

show_error ( "CSSM_CL_CertGetFirstFieldValue" ) ; 
cout  <<  "No  field  foimd  for  OID"  <<  endl; 
show_oid{oid,  "cert  field") ; 

}else{ 
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for  (uint32  idx=0;  idx<nuinFields ;  idx++)  { 
if  (translate  ==  CSSM_TRIIE)  { 

CSSM_DATA_PTR  pstring; 

pstring  =  (CSSM_DATA_PTR) CSSM_CL_PassThrough  { 
clhand,  0 , 

INTEL_X5  0  9V3_PASSTHROUGH_TRANSLATE_DERNAME_TO_STRING , 
pData) ; 

show_data_char ( *pstr ing ,  label ) ; 
mshn_free (pstring- >Data,  NULL) ; 

}else{ 

show_data_char (*pData,  label); 

} 

mshn_free  (pData“>Data,  NULL)  ; 

pData  =  CSSM_CL_CertGetNextFieldValue  (clhand, 
ResultsHandle) ; 

} 

//  Finished  retrieving  fields 
if  (ResultsHandle) 

CSSM_CL_CertAbortQuery (clhand,  ResultsHandle) ; 

} 

} 

} 

void  show_cert_f ields (CSSM_DATA_PTR  certdata,  CSSM_CL_HANDLE  clhand) 

{ 

CSSM_KEY_PTR  kData  =  NULL; 

if (clhand  ==  CSSM_INVALID_HaNDLE) 

{ 

cout  <<  "Invalid  CL  handle"  <<  endl; 

}else  if  (! certdata) 

{ 

cout  <<  "No  certificate  data"  <<  endl; 

}else{ 

show_cert_field( certdata,  clhand,  "subject  name", 
CSSMOID_X509VlSubjectName,  CSSM_TRUE) ; 
show_cert_field (certdata,  clhand,  "issuer  name", 
CSSMOID_X509VlIssuerName,  CSSM_TRUE) ; 
show_cert_field( certdata,  clhand,  "serial  number", 
CSSMOID_X509VlSerialNumber,  CSSM_PALSE) ; 
show_cert_field (certdata,  clhand,  "valid  from", 

CSSMOID_X509VlValidityNotBefore,  CSSM_FALSE) ; 
show_cert_field (certdata,  clhand,  "valid  to", 

CSSMOID_X509VlValidityNotAfter,  CSSM_FALSE) ; 
kData  =  CSSM_CL_CertGetKeyInfo (clhand,  certdata) ; 
show_key (kData,  "Public  Key") ; 
mshn_free (kData- >KeyData. Data,  NULL) ; 

} 

} 
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void  show_ds_cert_siabj  (CSSM_DL_DB_HANDLE  dbhand, 

CSSM_MODULE_HANDLE  clhand) 

{ 

CSSM_HANDLE  ResultsHandle  =  NULL; 

CSSM_QUERY  Query; 

CSSM_BOOL  EODS; 

CSSM_DATA  Data; 

CSSM_DB_UNIQUE_RECORD_PTR  record_j>tr ; 

//  Use  a  NULL  filter  to  CSSM  to  get  all  certificates  in  database 
Query. NumSelectionPredicates  =  0; 

Query. SelectionPredicate  =  NULL; 

Query. Re cordType  =  CSSM_DL_DB_RECORD_CERT; 

Query. Conjunctive  =  CSSM_DB_NONE ; 

record_ptr  =  CSSM_DL_DataGetFirst  (dbhand,  &Query,  SResultsHandle , 
&E0DS,  NULL,  &Data) ; 
show_error ( "CSSM_DL_DataGetFirst" )  ; 

CSSM_ClearError ( ) ; 

//if  end  of  data  store  before  we  even  begin... 
if  ( (EODS  ==  CSSM_TRUE)  | |  (recordjptr  ==  NULL) )  { 
cout  «  "Couldn't  get  first  record"  <<  endl; 

} 


int  cntr  =  1; 

while  ( (EODS  ==  CSSM_FALSE) ) 

{ 

//  now  show  some  of  the  certificate  fields 
show_cert_field(&Data,  clhand,  "siabject  name”, 
CSSMOID_X509VlSxibjectName,  CSSM_TRUE)  ; 
CSSM_DL_FreeUniqueRecord (dbhand, record_ptr) ; 

//  Get  the  next  certificate 

record__ptr  =  CSSM_DL_DataGetNext  (dbhand,  ResultsHandle,  &EODS, 
NULL ,  &Data ) ; 

showier ror ( ” CSSM_DL_DataGetNext ” )  ; 

CSSM_ClearError ( ) ; 

} 

//  Done  querying  for  information 
if  (ResultsHandle) 

CSSM_DL_AbortQuery (dbhand,  ResultsHandle) ; 


void  show_ds__certs  (CSSM__DL_DB_HANDLE  dbhand,  CSSM_MODULE_HANDLE  clhand) 

{ 

CSSM_HANDLE  ResultsHandle  =  NULL; 

CSSM_QUERY  Query; 

CSSM  BOOL  EODS; 
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CSSM_DATA  Data; 

CSSM_DB_UNIQUE_RECORD_PTR  record_ptr ; 

//  Use  a  NULL  filter  to  CSSM  to  get  all  certificates  in  database 
Query . NumSelectionPredicates  =  0; 

Query . SelectionPredicate  =  NULL; 

Query . RecordType  =  CSSM_DL_DB_RECORD_CERT ; 

Query .  Con  jxanctive  =  CSSM_DB_NONE; 

record_ptr  =  CSSM_DL_DataGetFirst  (dbhand,  &Query,  &ResultsHandle , 
&EODS,  NULL,  SiData)  ; 
show_error ( " CSSM_DL_DataGetFirst " ) ; 

CSSM_ClearError ( ) ; 

//if  end  of  data  store  before  we  even  begin. . . 
if  ( (EODS  ==  CSSM_TRUE)  | |  (record_ptr  ==  NULL) )  { 
cout  <<  "Couldn't  get  first  record"  «  endl; 

} 

int  cntr  =  1; 

while  ( (EODS  ==  CSSM_FALSE) ) 

{ 

cout  <<  "Data  record  number  "  <<  cntr++  «  endl; 

//  show_data (Data,  "from  data  store"); 

//  now  show  some  of  the  certificate  fields 
show_cert_f ields (SData,  clhand) ; 

CSSM_DL_FreeUniqueRecord (dbhand, record_ptr) ;  ■ 

//  Get  the  next  certificate 

record_ptr  =  CSSM_DL_DataGetNext  (dbhand,  ResultsHandle ,  &EODS, 
NULL,  &Data) ; 

show_error ( "CSSM_DL_DataGetNext" ) ; 

CSSM_ClearError ( ) ; 

} 

//  Done  querying  for  information 
if  (ResultsHandle) 

CSSM__DL_AbortQuery  (dbhand,  ResultsHandle)  ; 


CSSM_DATA_PTR  get_sub j ect_cert  (CSSM_DL_DB_HANDLE  dbhand, 

CSSiyi_MODULE_HANDLE  clhand, 
char  *subjectname) 

{ 

CSSM_DATA_PTR  retval  =  NULL; 

CSSM_HANDLE  ResultsHandle  =  NULL; 

CSSM_QUERY  Query; 

CSSM_BOOL  EODS; 

CSSM_DATA_PTR  certdata  = 

(CSSM  DATA_PTR) mshn_malloc (sizeof (CSSM_DATA_PTR) ,  NULL) ; 
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CSSM_DB_UNIQUE_RECORD_PTR  record_jptr; 

//  Use  a  NULL  filter  to  CSSM  to  get  all  certificates  in  database 
Query. NumSelectionPredicates  =  0/ 

Query.  SelectionPredicate  =  NULL; 

Query.  RecordType  =  CSSiyi_DL_DB_RECORD_CERT; 

Query.  Conjunctive  =  CSSM_DB_NONE; 

record__j)tr  =  CSSM_DL__DataGetFirst  (dbhand,  &Query,  &ResultsHandle, 
&E0DS,  NULL,  certdata) ; 
show_error  ( "CSSM_DL__DataGetFirst" )  ; 

CSSM_ClearError() ; 

//  if  end  of  data  store  before  we  even  begin... 
if  { (EODS  ==  CSSM_TRUE)  | |  (record_ptr  ==  NULL) )  { 
cout  <<  "Couldn't  get  first  record"  <<  endl; 

}else{ 

int  cntr  =  1; 
int  found  =  0 ; 

while  ({EODS  ==  CSSM_FALSE)  &&  ! found) 

{ 

//  now  find  the  certificate  matching  the  siabject 
CSSM_DATA_PTR  sdata  =  get_cert_field (certdata,  clhand, 

CSSMOID_X509VlSubjectName)  ; 

CSSM_DATA_PTR  pstring; 

pstring  =  (CSSM_DATA_PTR)  CSSM_CL_PassThrough  (clhand,  0, 

INTEL_X50  9V3_PASSTHROUGH_TRANSLATE_DERNAME_TO_STRING , 
sdata) ; 

show_data_char {*pstring,  "trying  subject  name")  ; 
CSSM__DL_FreeUniqueRecord  (dbhand,  recordjptr)  ; 

if  (match_field (pstring,  sxib j ectname ,  4)  ==  CSSM_TRUE)  { 

found  =  1; 
retval  =  certdata; 

}else{ 

//  Get  the  next  certificate 

record_jptr  =  CSSM_DL_DataGetNext  (dbhand,  ResultsHandle, 
&E0DS,  NULL,  certdata) ; 
show_error ( " CSSM_DL_DataGetNext " ) ; 

CSSM_ClearError 0 ; 

} 

} 

} 

//  Done  querying  for  information 
if  { ResultsHandle) 

CSSM_DL_AbortQuery  (dbhand,  ResultsHandle)  ; 
return  retval; 

} 
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void  show_date  {CSSM_DATE_PTR  in_ptr,  char  *label) 

{ 

if  (in_ptr  ==  NOLL)  { 

cout  «  label  <<  ”  NOLL  date  input"  <<  endl; 

}else{ 

cout  <<  label  <<  "  year : month : day  "  <<  in_ptr->Year  << 
<<  in__ptr->Month  «  <<  in_ptr->Day  <<  endl; 

} 

} 

void  show_key  (CSSM_KEY_PTR  in_jptr,  char  *label) 

{ 

if  (in__ptr  ==  NOLL)  { 

cout  <<  label  <<  "  NULL  key  input"  <<  endl; 

}else{ 

char  *sdt  =  "  starting  date"; 
char  *edt  =  "  ending  date  " ; 
char  *slabel  =  (char*) mshn_malloc 

(strlen (label) +strlen(sdt) +1,  NULL) ; 
strcpy (slabel,  label) ; 
s treat (slabel,  sdt) ; 
char  *elabel  =  (char*)mshn_malloc 

(strlen  (label) +strlen (edt) +1,  NULL) ; 
strepy (elabel,  label) ; 
streat (elabel,  edt) ; 

CSSM_KEYHEADER  kh  =  in_ptr- >KeyHeader ; 


cout 

<< 

label 

<< 

M 

header  version 

11 

<< 

kh.HeaderVersion  <<  endl; 

cout 

<< 

label 

<< 

n 

blob  type 

II 

<< 

kh.BlobType  <<  endl; 

cout 

<< 

label 

<< 

II 

format 

II 

<< 

kh. Format  <<  endl; 

cout 

<< 

label 

<< 

II 

algorithm  ID 

n 

<< 

kh.Algorithmld  <<  endl; 

cout 

<< 

label 

<< 

II 

key  class 

II 

<< 

kh.KeyClass  <<  endl; 

cout 

<< 

label 

<< 

II 

key  size,  bits 

II 

<< 

kh.EffectiveKeySizeInBits 

<< 

endl  ; 

cout 

<< 

label 

<< 

II 

key  attributes 

II 

<< 

kh.KeyAttr  <<  endl; 

cout 

<< 

label 

<< 

11 

key  usage 

II 

<< 

kh.KeyUsage  <<  endl; 

show_ 

_date(&(kh.StartDate) ,  slabel) 

/ 

show_ 

date (& (kh.EndDate) ,  elabel) ; 

cout 

<< 

label 

<< 

11 

wrap  alg  ID 

11 

<< 

kh.WrapAlgorithmId  <<  endl 

cout 

« 

label 

<< 

11 

wrap  mode 

II 

<< 

kh.WrapMode  <<  endl; 

show_data  ( in_jptr-  >KeyData ,  label )  ; 
mshn^free (slabel,  NULL) ; 
mshn_free (elabel,  NULL) ; 

} 

} 

void  show_field_j>tr  {CSSM_FIELD_PTR  injptr,  char  *label,  uint32 

num_fields) 

{ 


236 


cout  <<  "Number  of  "  <<  label  <<  ”  FIELDS  ”  <<  num_fields  <<  endl 
if  { (num_f  ields  >  0)  &&  (in_j)tr  1=  NULL))  { 

//  for  (int  jdx=0;  jdx<num__f ields;  jdx++)  { 

//  cout  «  "Not  NULL”  <<  endl; 

//  CSSM^OID  oid__val  =  in_ptr->FieldOid; 

//  uint32  zxzx  = . (uint32) in_ptr; 

//  cout  «  "Not  NULL2"  «  endl; 

//  cout  <<  zxzx  <<  endl; 

//  CSSM_FIELD  field_val  =  in_j)tr  [  jdx]  ; 

//  show_oid(field_val.FieldOid,  label); 

//  show_data (field_val .FieldValue,  label); 

//  } 

} 

} 


void  show_cl_services  (void  *  in_ptr,  uint32  num_subsvc) 

{ 

if  {in_ptr  !=  NULL)  { 

CSSM_CLSUBSERVICE_PTR  siib_ptr  =  (CSSM_CLSUBSERVICE_PTR)  in_j)tr; 
for  (int  idx=0;  idx<num_subsvc ;  idx++)  { 

cout  <<  "Sub-service  ID  "  <<  sub_j>tr->SubServiceId  <<  endl; 
cout  <<  "Description  "  <<  sub_ptr->Description  <<  endl; 
cout  <<  "Cert  type  "  <<  sub_ptr->CertType  <<  endl; 
cout  <<  "Cert . encoding  "  <<  sub_ptr- >CertEncoding  <<  endl; 
cout  <<  "Authentication  Mechanism  " 

<<  sub_j)tr->AuthenticationMechanism  <<  endl; 
show_oid_j)tr  (siib_j>tr->CertTemplates,  "Template" , 
sub_j)tr->NumberOfTemplateFields)  ; 
cout  <<  "Num  translate  types  " 

<<  sub_ptr->NumberOfTranslationTypes  <<  endl; 
cout  <<  "Num  encoder  prods.  " 

<<  sub_j>tr- >WrappedProduct .NumberOfEncoderProducts 
<<  endl; 

cout  <<  "Num  CAs  accessible  " 

<<  sub_ptr->WrappedProduct .NumberOfCAProducts  <<  endl; 
sub_ptr++; 

} 

}else{ 

cout  <<  "NULL  subservice"  <<  endl; 

} 

} 

void  show__datastore_names  (CSSM__DLSUBSERVICE_PTR  sub_ptr) 

{ 

if  {si±>_j)tr  1=  NULL)  { 
if  (sub_ptr->DataStoreNames  1=  NULL) 

{ 

for  (int  iclxl=0;  idxl  <  sub_ptr->DataStoreNames->NumStrings; 
idxl++)  { 
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} 


cout  <<  siibjptr->DataStoreNatnes->String [idxl]  <<  endl; 


} 

} 

} 

void  show_dl_services  (void  *  in_ptr,  uint32  num_siibsvc) 

{ 

if  (in_ptr  !=  NULL)  { 

CSSM_DLSUBSERVICE_PTR  sub__ptr  =  {CSSM_DLSUBSERVICE_PTR)  in_ptr; 
for  (int  idx=0;  idx<num_subsvc ;  idx++)  { 

cout  <<  "Sub- service  ID  "  <<  sub_ptr->SubServiceId  <<  endl 
cout  <<  "Description  "  <<  sub_ptr->Description  <<  endl; 
cout  <<  "Type  "  <<  sub_ptr->Type  <<  endl; 
if  (siib_ptr->Type  ==  CSSM_DL_ODBC)  { 

cout  <<  "OBDC  attributes"  <<  endl; 

}else{ 

cout  <<  "Unknown  attribute  type"  <<  endl; 

} 

cout  <<  "Num  rel.  oper.  " 

<<  sub_ptr->NuTnberOfRelOperatorTypes  <<  endl; 
cout  <<  "Num  conj .  oper.  " 

<<  sub__ptr->NumberOfConjOperatorTypes  <<  endl; 
cout  <<  "Query  limits  supported  " ; 
if  (sub__ptr->QueryLimits Supported  ==  CSSM__TRUE)  { 
cout  <<  "TRUE"  <<  endl; 

}else{ 

cout  <<  "FALSE"  <<  endl; 

} 

cout  <<  "Num  data  stores  "  <<  sub__ptr->NutnberOfDataS tores 
<<  endl; 

if  (sub_ptr->DataStoreNames  !=  NULL) 

{ 

cout  <<  "There  are  " 

<<  s\ib_ptr- >DataS toreNames - >NumStrings 
<<  "  names"  <<  endl; 
show_datastore_names  (sub_j)tr)  ; 

}else{ 

cout  <<  "Data  Store  Names  is  NULL"  <<  endl; 

} 

sxab_ptr++; 

} 

}else{ 

cout  <<  "NULL  siibservice"  <<  endl; 

} 

} 

void  show_hard_CSp  (CSSM_HARDWARE_CSPSUBSERVICE_INFO  Slibsvc) 

{ 


238 


cout  <<  "HARDWARE  subservice"  <<  endl; 

} 

void  show_soft_csp  (CSSM_SOFTWARE_CSPSUBSERVICE_INFO  siibsvc) 

{ 

cout  <<  "SOFTWARE  subservice"  <<  endl; 
cout  <<  "Nuniber  of  capabilities  " 

<<  subsvc .NumberOf Capabilities  <<  endl; 

/ /  show_context  ( subsvc .  CapabilityList , 

//  "SOFTWARE  CSP  capabilities", 

//  subsvc. NumberOf Capabilities) ; 

//if  {in_j)tr  !=  NULL)  { 

//  }else{ 

//  } 


n - ========== - - - - - - - - 

void  show_csp_services  (void  *  in_j)tr,  uint32  num_subsvc) 

{ 

if  (injptr  1=  NULL)  { 

CSSM_CSPSUBSERVICE_PTR  sub_j>tr  =  {CSSM_CSPSUBSERVICE_PTR)  in_ptr; 
for  (int  idx=0;  idx<num_subsvc ;  idx++)  { 

cout  <<  "Sub-service  ID  "  <<  sub_ptr->SubServiceId  <<  endl; 
cout  <<  "Description  "  <<  sub_j)tr->Description  <<  endl; 
cout  <<  "Flags  "  <<  sub_ptr->CspFlags  <<  endl; 
cout  <<  "Custom  Flags  "  <<  sub__ptr->CspCustomFlags  <<  endl; 
cout  <<  "Access  Flags  "  <<  sub_j)tr->Ac  cess  Flags  <<  endl; 
cout  <<  "CSP  type  "  <<  sub_ptr->CspType  <<  endl; 
if  (sub_jptr->CspType  ==  CSSM_CSP_SOFTWARE)  { 

show_sof t__csp  (siib_ptr->SoftwareCspS\ibService)  ; 

}else{ 

show_hard_csp  { sub_ptr-  >HardwareCspSubService)  ; 

} 

sub_j)tr++; 

} 

}else{ 

cout  <<  "NULL  subservice"  <<  endl; 

} 

} 

— ^========================================= — ========= 

void  show_tp_services  (void  *  in_ptr,  uint32  num_subsvc) 

{ 

if  (in_ptr  !=  NULL)  { 

CSSM_TPSUBSERVICE_PTR  Sllb_ptr  =  (CSSM_TPSUBSERVICE_PTR)  in_ptr; 
for  (int  idx=0;  idx<num_stibsvc ;  idx++)  { 

'  cout  <<  "Svib-service  ID  "  <<  sub_ptr->SvibServiceId  «  endl; 
cout  <<  "Description  "  <<  sub_jptr->Description  <<  endl; 
cout  <<  "Cert  type  "  <<  sub_ptr->CertType  <<  endl; 
cout  <<  "Authentication  Mechanism  " 
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} 


<<  sub_j>tr->AuthenticationMechanism  <<  endl; 
show_field_j)tr (sub_j>tr->PolicyIdentifiers,  "Policy  Id", 
sub_ptr-  >NuTiiberOf Policyidentif  iers)  ; 

sub_ptr++ ; 

} 

}else{ 

cout  <<  "NULL  s\ibservice”  <<  endl; 


} 


void  show_services  ( CSSM_SERVICE_INFO_PTR  svc_ptr) 

{ 

if  (svc^ptr  !=  NULL)  { 

cout  <<  "Description  "  <<  svcj)tr->Description  <<  endl; 
cout  <<  "Type  "  <<  svc_jptr->Type  <<  endl; 
cout  <<  "Flags  "  <<  svc_ptr->Flags  <<  endl; 
cout  <<  "Number  Of  Sub-Services  " 

<<  svc_ptr->NuTnberOfSubServices  «  endl; 
if  {svc__ptr->Type  ==  CSSM__SERVICE_CL)  { 

show_cl_services  ( svc_j)tr-  >SubServiceList , 
svcjptr->NumberOfSubServices) ; 

}else  if  (svc__ptr->Type  ==  CSSM_SERVICE_DL)  { 

show_dl_services  { svc_jptr-  >SubServiceList , 
svc_ptr->NumberOfSubServices) ; 

}else  if  (svc_ptr->Type  ==  CSSM__SERVICE_CSP)  ( 

show_csp_services  ( svc jptr-  >SubServiceList , 
svc_ptr->NuTnberOfSubServices)  ; 

}else  if  (svc_j>tr->Type  ==  CSSM_SERVICE_TP)  { 

show_tp_services  ( svc_ptr-  >SubServiceList , 
svc_ptr->NutnberOf  SubServices)  ; 

} 

} 

} 

void  show_mod  (CSSM_MODULE_INFO_PTR  mod_j)tr) 
if  (mod^ptr  !=  NULL)  { 

cout  <<  "Version  (Major)  "  <<  mod_ptr->Version. Major  <<  endl 
cout  <<  "Description  "  <<  mod_j)tr->Description  <<  endl; 
cout  <<  "Vendor  "  <<  modjptr->Vendor  <<  endl; 
cout  <<  "Flags  "  <<  mod_ptr->Flags  <<  endl; 
cout  <<  "Service  Mask  "  «  mod_ptr->ServiceMask  <<  endl; 
cout  <<  "Number  Of  Services  "  <<  mod^tr->NumberOf Services 
<<  endl; 

show_services (mod_ptr->ServiceList) ; 

} 

} 
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void  show_list  {CSSM_LIST_PTR  csp_list,  CSSM_SERVICE_MASK  svcmask, 

CSSM_INFO_LEVEL  info_lvl) 

{ 

if  (csp_list  1=  NULL)  { 

cout  «  endl  <<  "Number  of  modules  "  «  csp_list->NumberItems 
<<  endl; 

CSSM__LIST_ITEM_PTR  csp_ptr  =  csp_list->Items  ; 

for  (int  idx=0;  idx<csp_list->NumberItems ;  idx++)  { 

cout  <<  csp_ptr [idx] .GUID.Datal  <<"  "<<  csp_ptr [idx] .Name 
<<  endl; 

//  Now  get  the  module  info 
CSSM_ClearError ( ) ; 

CSSM_MODULE_INFO_PTR  mod_j>tr  =  CSSM_GetModuleInf o 
(& (csp_ptr [idx] .GUID) , 
svcmask,  CSSM_ALL__SUBSERVICES, 
info_lvl)  ; 

if  (mod_j)tr  !=  NULL)  { 
show_mod(mod_ptr)  ; 

}else{ 

show^error { "CSSM^GetModulelnfo" ) ; 

} 

CSSM_FreeModuleInf  o  {mod_j)tr)  ; 

//  csp_ptr++; 

} 

}else{ 

cout  <<  "Empty  list"  <<  endl; 


} 


} 


void  show_cssm_info 0 

{ 

//  now  get  the  cssm  info 
CSSM_CSSMINFO__PTR  cssm_inf o_ptr ; 

CSSM__ClearError  ( )  ; 
cssm_info_ptr  =  CSSM_GetInfo () ; 
if  (cssm_info_ptr  1=  NULL)  { 
cout  <<  "CSSM  description 
<<  endl; 

cout  <<  "CSSM  vendor 
cout  <<  "CSSM  location 
cout  <<  "CSSM  version (major) 

<<  endl; 

cout  <<  "CSSM  version (minor) 

<<  endl; 

if  (cssm_info_ptr->ThreadSafe  ==  CSSM_TRUE)  { 
cout  <<  "CSSM  is  thread  safe"  <<  endl; 

}else{ 

cout  <<  "CSSM  NOT  thread  safe"  <<  endl; 

} 


<  <  c  s  sm_inf o_p t r - >De s cr ip t ion 

<<  cssm_info_ptr->Vendor  <<  endl; 

<<  cssm_info__ptr->Location  <<  endl; 
<<  cssm_info_ptr->Vers ion. Major 

<<  cssm_info__ptr->Vers ion. Minor 
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}else{ 

show__error  ( "CSSM_GetInf  o" )  ; 

} 

CSSM_FreeInfo  (cssm_info_j)tr)  ; 

CSSM_ClearError ( )  ; 

CSSM__RETURN  verify  =  CSSM_VerifyComponents  ()  ; 
if  (verify  ==  CSSM_FALSE)  { 

show__error  ( "  CSSM__Verif yComponent s  " )  ; 

} 

CSSM_ClearError ( )  ; 

} 


void  show_all_modules  ( ) 

{ 

//  now  get  the  list  of  modules 
CS  SM_LI ST_PTR  C sp_l i S t ; 

csp  list  =  CSSM_ListModules (CSSM_SERVICE_CSP,  CSSM_FALSE) ; 
show_list  (csp_list,  CSSM_SERVICE_CSP,  CSSM_INFO_LEVEL_SUBSERVICE) 
CSSM_FreeList (csp_list)  ; 

csp_list  =  CSSM_ListModules {CSSM_SERVICE_DL,  CSSM_FALSE); 
show_list  {csp_list,  CSSM_SERVICE_DL,  CSSM_INFO_LEVEL_ALL_ATTR)  ; 
CSSM_FreeList (csp_list) ; 

csp_list  =  CSSM_ListModules (CSSM_SERVICE_CL,  CSSM_FALSE) ; 
show_list  (csp_list,  CSSM_SERVICE_CL,  CSSM_INFO_LEVEL_ALL_ATTR)  ; 
CSSM_FreeList (csp_list) ; 

csp_list  =  CSSM_ListModules (CSSM_SERVICE_TP,  CSSM_FALSE) ; 
show_list  (csp_list,  CSSM_SERVICE_TP,  CSSM_INFO_LEVEL_SX}BSERVICE)  ; 
CSSM_FreeList (csp_list) ; 

} 


N.  MSHN_DEMO.H 

//  File:  mshn_demo.h 
//  Name:  David  Shifflett 
// 

//  Project:  MSHN 

// 

//  Operating  Environment:  Windows  95/Windows  NT 
//  Coit^iler:  Borland  C++  for  Windows 
//  Date:  18  MAY  98 
// 

//  Description:  MSHN  demonstration  constant  definitions 
//***********■*■****■*■•*■*******'*■****'*■********■*■********■*■**** 

#ifndef  _MSHN_DEMO_H 
#define  MSHN_DEMO_H 
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//  MSHN  demonstration  constant  definitions 

//  Ports  to  be  used  for  demonstration  communications 

const  int  PORT_CLIENT_SCHEDULER  =  5001; 

const  int  PORT_CLIENT_RESOURCE  =  5002; 

const  int  PORT_RESOURCE_RSS  =5003; 

const  int  PORT_RESOURCE_RRD  =  5004; 

//  IP  addresses  of  demonstration  computers 
const  char  *IP_CLIENT  =  ''131.120.10.89"; 

const  char  *IP_SCHEDULER  =  "131.120.10.90"; 

const  char  *IP_RSS  =  "131.120.10.90"; 

const  char  *IP_RRD  =  "131.120.10.90"; 

const  char  *IP_RES0URCE_1  =  "131.120.10.94"; 

//  Filename  for  shared  key  storage 

const  char  *key_fname  =  "mshn.key"; 

//  Filename  for  shared  'REQUEST_DB' 

const  char  *reqdb_fname  =  "mshn.rdb"; 

#endif 


O.  MSHN_TyPES.H 

/y***************************************************** 

//***************************************************** 

//  File  :  mshn_types  .  h 
//  Name:  David  Shifflett 
// 

/ /  Pro j  ect :  MSHN 

// 

//  Operating  Environment:  Windows  95/Windows  NT 
//  Compiler:  Borland  C++  for  Windows 
//  Date:  18  MAY  98 
// 

//  Description:  MSHN  demonstration  type  definitions 
//**************+************************************** 

#ifndef  _MSHN__TYPES_H 
#define  _MSHN_TYPES_H 

//  MSHN  demonstration  type  definitions 

//  Data  passing  structure,  to  be  used  for  keys,  certificates, 
//  chxmks  of  data  to  be  encrypted,  decrypted,  signed,  etc. 
typedef  struct  mshn_data  { 
unsigned  int  the_length; 
xmsigned  char  *the_data; 

}  mshn__data; 
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//  Commvmication  security  options 
typedef  enum  comm_security  { 


COMSEC_NONE  =  0, 
COMSEC_INT  =  1, 
COMSEC_CON  =  2 , 
COMSEC_BOTH  =  3, 
}  coinm_security; 


//  No  communications  security 
//  Communications  are  signed 
//  Communications  are  encrypted 
//  Communications  are  signed  and  encrypted 


//  Certificate  validation  levels 
typedef  enum  cert_checking  { 

CERT_NONE  =0,  //No  certificate  validation 

CERT_AUTH  =1,  //  Check  certificate  authenticity 

CERT  REV  =2,  //  Check  for  certificate  revocation 

CERt''b0TH  =3  //  Check  certificate  authenticity  and  revocation 

}  cert_checking ; 


//  Signed  fields  bitmasks 


#define  SIGN_N0NE  0x0 

#define  SIGN_ALL  0x1 

#define  SIGN_1  0x2 

#define  SIGN_2  0x4 

#define  SIGN_3  0x8 

#define  SIGN_4  0x10 

#define  SIGN_5  0x20 

#define  SIGN_6  0x40 

#define  SIGN_7  0x80 


//No  fields  are  signed 
//  All  fields  are  signed 

//  First  field  is  signed 

//  Second  field  is  signed 
//  Third  field  is  signed 
//  Fourth  field  is  signed 
//  Fifth  field  is  signed 

//  Sixth  field  is  signed 

//  Seventh  field  is  signed 


//  MSHN  signature 
typedef  struct  mshn_sig  { 

int  fields_set;  //  Use  'signed  fields  bitmasks'  to  set/check 
mshn_data  signature;  //  The  actual  signature 
}  mshn_sig; 


//  MSHN  security  token 
typedef  struct  mshn_token  { 

int  reguest  id;  / /  Job  reguest  identifier 

mshn_data  job_session_key;  //  Job  session  key,  should  be  encrypted 
}  mshn_token; 


#endif 


P.  MSHN_DEFS.H 

j /***************************************************** 
//  File:  mshn_defs.h 
//  Name:  David  Shifflett 
// 

//  Project:  MSHN 

// 
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//  Operating  Environment:  Windows  95 /Windows  NT 
//  Compiler:  Borland  C++  for  Windows 
//  Date:  18  MAY  98 
// 

//  Description:  MSHN  constant  definitions 
//***************************************************** 

#ifndef  _MSHN_DEFS_H 
#define  _MSHN_DEFS_H 

//  MSHN  booleans 

#define  MSHN_TRUE  1 

#define  MSHN_FALSE  0 

#endif 

Q.  MSHN_MEMeH 

//  MSHN  Memory  Function  Header  File 
//  Written  by  David  Shifflett 
#ifndef  _MSHN__MEM_H 
#define  _MSHN_MEM_H 

typedef  unsigned  int  uint32; 

//  memory  function  headers 

void  *  mshn_malloc  {uint32  size,  void  *allocRef) ; 

void  mshn_free  (void  *mem_j>tr,  void  *allocRef ) ; 

void  *  mshn_realloc  (void  *ptr,  uint32  size,  void  *allocRef) ; 

void  *  mshn_calloc  (uint32  num,  uint32  size,  void  *allocRef) ; 
#endif 


R.  MSHN_ERR.H 

/ /***************************************************** 
//  File:  mshn_err.h 
//  Name:  David  Shifflett 
// 

//  Project:  MSHN 

// 

//  Operating  Environment:  Windows  95/Windows  NT 
//  Compiler:  Borland  C++  for  Windows 
//  Date:  18  MAY  98 
// 

//  Description:  MSHN  error  code  definitions 
//*******************++******************************** 
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#ifndef  _MSHN_ERR_H 
idefine  _MSHN_ERR_H 

//  MSHN  Security  layer  error 
#define  MSHN_OK 
#define  MSHN_UNKNOWN_ERROR 
#define  MSHN_SL_BASE_ERROR 
#define  MSHN_NOT_INITIALIZED 
#define  MSHN_INITIALIZED 
#define  MSHN_ALG_NOT_FOUND 
#define  MSHN_CERT_NOT_FODND 
#define  MSHN_CERT_INVALID 
#define  MSHN_CERT_REVOKED 
#define  MSHN_INVALID_SIG 

#endif 


codes 

0 

-1 

-1000 

(MSHN_SL_BASE_ERROR  -1) 
(MSHN_SL_BASE_ERROR  -2) 
(MSHN_SL_BASE_ERROR  -3) 
(MSHN_SL_BASE_ERROR  -4) 
(MSHN_SL_BASE_ERROR  -5) 
(MSHN_SL_BASE_ERROR  -6) 
(MSHN  SL  BASE_ERROR  -7) 
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APPENDIX  C.  MSHN  DEMONSTRATION  OPERATING  INSTRUCTIONS 


A.  EQUIPMENT/SOFTWARE  SETUP 

The  demonstration  program  is  configured  to  run  on  three  personal 
computers  using  the  Windows  NT  operating  system.  These  computers  must 
be  linked  via  a  network  that  supports  TCP/IP  communications  protocol. 

IP  addresses  and  port  numbers  can  be  modified  to  specify  the  particular 
computers  you  will  use  for  the  demonstration.  These  parameters  are 
stored  in  the  MSHN_DEMO.H  file. 

The  demonstration  program  requires  the  use  of  Intel's  CDSA  version 
1.2.  This  software  may  be  obtained  from  Intel  at  their  web  site 
{http://developer.intel.com/ial/security).  The  MSHN  demonstration 
program  assumes  you  have  installed  CDSA  in  the  default  directory: 

"c: \cdsa_1.2\" . 

The  MSHN  demonstration  program  is  written  in  C++.  We  used  Borland 
C++  5.0  to  compile  the  source  code.  The  MSHN  demonstration  described  in 
this  appendix  assumes  you  have  compiled  the  source  code  and  placed  the 
executable  files  in  the  following  directory:  "c:\cdsa_1.2\demo9\". 

Intel's  CDSA  comes  with  a  sample  application  program  called 
"certmgr.exe"  This  program  can  be  used  to  create  a  certificate 
database,  certificates,  and  public/private  key  pairs.  Prior  to  running 
the  MSHN  demonstration,  you  must  create  a  certificate  database  for  each 
personal  computer  used  in  the  demo.  The  MSHN  demonstration  program 
assumes  you  will  name  the  certificate  database  on  each  PC  "mshn"  .  You 
must  create  a  certificate  for  each  user  and  compute  resource  along  with 
the  corresponding  public/private  key  pairs.  You  must  also  create  a  MSHN 
core  certificate  and  distribute  it  to  the  core  components  you  will  be 
using.  The  certmgr  program  has  a  utility  for  importing  and  exporting 
certificates  to  floppy  disk.  Use  this  utility  to  distribute  the  MSHN 
core  certificate  to  each  of  the  PC's  serving  as  a  MSHN  core  component. 

Intel's  CDSA  does  not  come  with  a  public/private  key  encryption 
algorithm.  Therefore,  a  symmetric  (DES)  key  is  used  in  its  place.  This 
shared  symmetric  key  must  be  created  and  distributed  to  each  of  the 
components  before  execution.  The  demonstration  assumes  you  will  store 
this  key  in  a  file  called  "mshn. key". 
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B.  EXECUTING  THE  DEMO 
1 .  Start  Up 


Follow  these  instructions  for  operating  the  MSHN  demonstration 
program.  Instructions  are  followed  by  an  illustration. ^  The 
illustrations  show  the  program  output  as  the  demonstration  progresses. 


On  the  machine  that  will  serve  as  the  client,  open  an  MS-DOS  window  and 
execute  the  command  "client”. 


hShoftcultoCind.exe  


Mici'osof t <K>  Windows  NIXTH) 

<C>  CGp.vi'ight  1985-1996  Hicrosoft 

C:\WiNNI\syst  6^32  >cti\cdsa_J..2\demo9 

C:\CJ)S^^_i.2\deRo9>clier^t 


On  the  machine  that  will  serve  as  the  resource,  open  an  MS-DOS  window 
and  execute  the  command  "resource". 


MS-DOS  Prompt 


HHIS 


C:\CDSA„1 .2\DEn09>dir 
Uoltme  io  drive  C  has  no  label. 
UoluPie  Serial  Nurtiber  is  8088  -  51^49 

D ire c  t  o ry  of  C *  \CDS 8 .  2 \DEf109 


05/18/98 

05/18/98 

83/25/97 

04/30/98 

85/18/98 


03 :19p 
03:19p 
05:02a 
12:32p 
03:08p 

5  File<s> 


<B!B> 

<DIK> 

303.104  cw3230.dll 
84  mshiu.kei? 
733.279  resource.exe 
1.036.46?  bs?tes 
1.864.392.704  bytes  free 


C :  \CDS _i  -  2  \i)EI109  >re s ourc e 


hil 
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On  the  machine  that  will  serve  as  the  MSHN  core,  you  must  open  three  MS- 
DOS  Windows . 


In  the  first  window,  execute  the  program  "scheduler". 


MS-DOS  Piompt 


In  the  second  window,  execute  the  program  "rss". 


In  the  third  window  execute  the  program  "rrd". 


Command  Prompt 

C :  \GDSI^  _Jl  .  2\der>o9  >rFd 


Starting  the  scheduler:  After  you  start  the  scheduler  program,  the 
scheduler  will  ask  you  to  enter  your  certificate  name. 


Enter  the  name  of  the  MSHN  core  certificate.  For  our  demonstration,  the 
certificate  is  named  "MSHN  core" . 


Next  you  must  enter  the  pass  phrase  for  the  private  key  of  the  MSHN  core 
certificate.  Note  that  the  pass  phrase  will  not  echo  to  the  display. 


The  pass  phrase  is:  cdsacdsa. 
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Next  the  scheduler  will  ask  you  to  enter  the  required  communications 
security  option. 


You  may  choose  from  none,  integrity,  confidentiality  or  both. 


Next  the  scheduler  will  ask  you  to  enter  the  required  certificate 
validation  level. 


You  may  choose  from  none,  check  authenticity,  check  revocation  list,  or 
both. 


MS-DOS  Prompt  -  scheduler 


Enter  your  certificate  nasne:  HSHN  core 
Certificate  ok 

Enter  the  pass  phrase  for  your  private  key* 

Enter  the  cortjminications  security  option: 

0  -  None 

1  --  Integrity 

2  Conf  identlality 

3  ““  Both 
3 

Enter  the  certificate  validation  level: 

6  “  None 

1  -  Check  fnithenticity 

2  -  Check  Revocation  List 

3  -  Both 
3 

i^ccepting  connections  froi^  Client  on  port  5081 


Now  the  scheduler  is  ready  to  accept  connections  from  the  client. 


Starting  the  resource  status  server:  After  you  start  the  resource  status 
server  program,  it  will  ask  you  to  enter  the  certificate  name  for  the 
MSHN  core . 


For  our  demonstration,  the  certificate  is  named  "MSHN  core". 


Next  you  must  enter  the  pass  phrase  for  the  private  key  of  the  MSHN  core 
certificate . 


The  pass  phrase  is:  cdsacdsa . 


250 


Next  the  RSS  will  ask  you  to  enter  the  required  communications  security 
option. 


You  may  choose  from  none,  integrity,  confidentiality  or  both. 

Next  the  RSS  will  ask  you  to  enter  the  required  certificate  validation 
level . 


You  may  choose  from  none,  check  authenticity,  check  revocation  list,  or 
both. 


;  5  Command  Prompt  -  rss 


Enter  your  certificate  F)ar.^e:  HSHH  core 
Certificate  ok 

Enter  tlie  phrace  for  5;our  private  key: 

Enter  the  consriunications  security  option: 

8  -  None 

1  -  Integrity 

2  -  Conf identiality 

3  -  Both 


Enter  the  certificate  validation  level: 

8  -  None 

1  -  Check  ^^uthe^t^city 

2  “  Check  Revocation  List 

3  -  Both 
3 

f^ccepting  connections  irom  Resource  on  port  5883 


til 


Now  the  RSS  is  ready  to  accept  connections  from  the  compute  resource. 


Starting  the  resource  requirements  database:  After  you  start  the 
resource  requirements  database  program,  it  will  ask  you  to  enter  the 
certificate  name  for  the  MSHN  core. 


For  our  demonstration,  the  certificate  is  named  "MSHN  core". 


Next  you  must  enter  the  pass  phrase  for  the  private  key  of  the  MSHN  core 
certificate . 


The  pass  phrase  is:  cdsacdsa. 
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Next  the  RRD  will  ask  you  to  enter  the  required  communications  security 
option. 


You  may  choose  from  none,  integrity,  confidentiality  or  both. 


Next  the  RRD  will  ask  you  to  enter  the  required  certificate  validation 
level . 


You  may  choose  from  none,  check  authenticity,  check  revocation  list,  or 
both. 


Command  Prompt  -  rrd 


Enter  5#our  certificate  nai^^e:  fISHH  ccjre 
Certificate  ok 

Enter  the  pass  phrase  far  prii^ate  ke^i 

Enter  the  coji^minicat ions  security  option: 

0  -  Hone 

1  -  Integriti^ 

2  -  Conf identialit 

3  -  Botli 


Enter  the  certificate  validation  level: 

0  -  Hone 

1  -  Check  Authenticity 

2  Check  Revocation  List 

3  -  Both 
3 

Accepting  corsnections  frorrj  Resource  on  port  5004 


Now  the  RRD  is  ready  to  accept  connections  from  the  compute  resource. 


Starting  the  compute  resource:  After  you  start  the  compute  resource 
program,  it  will  ask  you  to  enter  the  certificate  name  for  the  compute 
resource.  For  our  demonstration,  the  certificate  is  named  “resourcel" . 


Next  you  must  enter  the  pass  phrase  for  the  private  key  of  the  resource 
certificate . 


The  pass  phrase  is:  cdsacdsa. 


Next  the  resource  will  ask  you  to  enter  the  required  communications 
security  option. 
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You  may  choose  from  none,  integrity,  confidentiality  or  both. 


Next  the  resource  will  ask  you  to  enter  the  required  certificate 
validation  level. 


You  may  choose  from  none,  check  authenticity,  check  revocation  list,  or 
both. 


Now  the  resource  is  ready  to  accept  connections  from  the  client. 

Starting  the  MSHN  client:  After  you  start  to  the  MSHN  client  shell 
program,  it  will  ask  you  to  enter  the  certificate  name  for  the  user. 

For  our  demonstration,  the  certificate  is  named  "Roger  Wright". 

Next  you  must  enter  the  pass  phrase  for  the  private  key  of  the  user's 
certificate . 

The  pass  phrase  is:  password. 

Next  the  client  will  ask  you  to  enter  the  required  communications 
security  option. 

You  may  choose  from  none,  integrity,  confidentiality  or  both. 

Next  the  client  will  ask  you  to  enter  the  required  certificate 
validation  level . 

You  may  choose  from  none,  check  authenticity,  check  revocation  list,  or 
both . 
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Shortcut  to  Cmd.exe  -  client 


Enter  your  certificate  nanne:  Roger  Alright 
Certificate  ok 

Enter  the  phra^je  for  irnor  private  key: 

Enter  the  cornmunicat ions  security  option: 

0  -  None 

1  -  Integrity 

2  -  Conf identialxty 

3  -  Both 


Enter  the  certificate  validation  level: 

8  -  None 

1  -  Check  ^^uthent icity 

2  ”  Check  Revocation  List 

3  *-  Both 
3 

Choose  an  application  to  submit  to  HCHN- 
Submit  job^  wait  for  results,  display  results. 

Continue?  Enter  y/n.  y 


zmm 


Now  you  must  choose  an  application  to  run.  Enter  your  choice  from  one 
to  five. 
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job  execution 


The  client  has  signed,  encrypted,  and  bundled  the  user  ID,  user 
certificate,  schedule  information,  and  signature. 


[Connection  made 
pui-*  socket  is  <3?2>- 
pur  port  is  <S001>« 

Our  addre s s  is  <  1 3 i  .  1 20  - 1  £1  ~  9iS >  - 
Our  current  state  is  <Connected>v 

[total  lengtk  988 

[Sending  everything-  908  foytes. 

[Sent  <9e8>  bytes- 

[Comfiunications  Security  Option  <3> 

[User  IB  length  bytes* 

[User  Certificate  length  <808>  bytes- 

[Schedule  Info  length  <3  6>  bytes* 

[Client  Signature  length  <56 >  bytes. 

[Sent  <908>  bytes. 


zl 


This  bundle  has  been  transmitted  to  the  scheduler.  The  scheduler  has 
received  the  bundle,  decrypted  it,  and  verified  the  signature. 


The  scheduler  pauses  to  display  the  user  name  and  application  submitted. 
Make  sure  the  scheduler  window  is  active  and  press  enter  to  continue. 


MS-DOS  Prompt  -  scheduler 


ficcepting  connections  from  Client  on  port  5681 
Heceioed  <988>  bytes. 

Communication  security  option  <3> 

Client  IB  length  <16 >  bytes. 

Client  certificate  length  <806>  bytes 

Job  information  length  <16 >  bytes . 

Glierit  signature  length  <56 >  bytes. 

Heceioed  <968>  bytes. 


Number  of  User  Id  i 

User  Id  BklB  is  <12> 

Boger  llright 

Number  of  Job  Info  1 

Job  Info  is  <12> 

kppiicat ion3 


[%r 


The  scheduler  simulates  the  calculation  of  a  scheduling  solution.  The 
scheduler  encrypts  and  signs  a  bundle  containing  the  compute  resource 
ID,  job  information,  security  token,  job  session  key,  and  MSHN  core 
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certificate.  This  bundle  is  transmitted  back  to  the  client.  The 
scheduler  now  waits  for  the  next  job  scheduling  request. 


MS-DOS  Prompt  -  scheduler 


total  lersgth  1184 

Sending  everything:  1184  bytes. 

Sent  <1184)  foytes- 
Be source  IB 

length  <lb>  bytes. 

Job  inforp^ation 

length  <40>  bytes. 

Security  token 

length  <96>  bytes. 

Job  session  key 

length  <88 )  bytes . 

HSHN  core  certificate 

length  <792>  bytes . 

Scheduler  signature 

length  <48 >  bytes. 

Accepting  connections 

froR  Client  on  port  S081 

The  client  receives  the  scheduling  information  bundle  from  the 
scheduler.  This  bundle  is  decrypted  and  verified. 


The  client  creates  a  signed  and  encrypted  bundle  containing  the 
communications  security  option,  job  information,  security  token,  and 
user  certificate.  This  bundle  is  transmitted  to  the  compute  resource. 


Shortcut  to  Cmd.exe 


Beceiued  <1104>  bytes.. 

Kesoui'ce  ID  len,qth  <!&>  bytes- 

Job  Info  ienc^th  <40>  bytes  . 

Security  Token  les^gth  <96  >  bytes - 

Job  Session  Key  len<jtb  <88 >  bytes* 

HSHH  Core  Certificate  iengrtb  <?92>  bytes. 


4 


Scheduler  Signature  length  <4S>  bytes. 
Sending  Job  to  corfspute  resource-. 
Connection  r^ade 
Our  socket  is  <372>- 
Our  port  is  <SM2)* 

Our  address  is  <131 -120*10. 94> . 

Our  current  state  is  <Connected>- 


total  length  1004 

Sending  everything:  1004  bytes. 

Sent  <i084>  bytes- 

CoriRunicat ions  Security  Option 

Job  Info 

Security  Token 

User  Certificate 

Client  Signature 

Sent  <1004>  bytes - 


<3> 

length  <40>  bytes - 
length  <96 >  bytes* 
length  <800>  bytes, 
length  <48 >  bytes* 


The  compute  resource  receives  the  job  information  bundle  from  the 
client.  The  resource  decrypts  and  verifies  the  bundle. 


The  resource  executes  the  user's  application  and  collects  the  results. 
The  results  are  signed  and  encrypted.  The  results  are  then  transmitted 
back  to  the  client. 
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The  compute  resource  signs  and  encrypts  a  bundle  containing  the  resource 
ID  and  status  information  for  the  job  just  completed. 


This  bundle  is  transmitted  to  the  resource  status  server. 


The  compute  resource  signs  and  encrypts  a  bundle  containing  the  resource 
ID  and  requirements  information  for  the  job  just  completed. 


This  bundle  is  transmitted  to  the  resource  requirements  database. 


The  compute  resource  has  finished  processing  the  job  and  now  waits  for 
the  next  job  request. 


The  resource  requirements  database  receives  the  bundle  from  the  compute 
resource.  The  bundle  is  decrypted  and  verified.  The  RRD  displays  the 
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user,  the  resource,  and  the  requirements  information.  The  RRD  has 
finished  processing  the  job  and  now  waits  for  the  next  update. 


Command  Prompt  -  rrd 


iHeceived  <104>  bytes. 

iJob  request  IB 
iBesource  IB 
I  Re  source  requirerients 
iRe source  signature 
lEeceived  <i84>  bytes - 


<5388> 

length  <16>  bytes, 
info  lengtJs  <48)  bytes, 
length  <32 >  bytes. 


|For  request  ID«  S388 
iPOtlNI):  cGfi^nun icatlon  security-  3 
IfOUMB:  user  id  «  Roger  ilright 

IFOUHI):  session  key: 
i^essiofs  key  1)818  is  <84> 

2  8  0  0  Si  46  90  225  134  3  289  1?  156  189  8  160  201  112  129  98 
08880880  14  8002800  40  80 
00800800  128  0800000880 
088088008008008808  IS 
8  8  2  23  13  1  0 
iBeceioed  update  frori^  resource 
iBe source  id  =  re sour cel 

iBequir entente  info  :  This  is  sainple  job  requirerrserits  data 

pccepting  connections  frors  Resource  on  port  5084 


The  resource  status  server  receives  the  bundle  from  the  compute 
resource.  The  bundle  is  decrypted  and  verified.  The  RSS  displays  the 
user,  the  resource,  and  the  resources  status  information.  The  RSS  has 
finished  processing  the  job  and  now  waits  for  the  next  update. 


Command  Prompt  -  rss 


Receioed  <96)  bytes. 

Job  request  ID  <5388 > 

Resource  ID  length  <16 >  bytes. 

Resource  status  info  length  <32 >  bytes. 

Resource  signature  length  <32 >  bytes - 
Received  <96)  bytes. 

For  request  ID:  5388 

FOUND:  communication  security:  3 

FOUND:  user  id  :  Roger  Uright 

FOUND:  session  key: 

session  key  D8IR  is  <84> 

2  0  0  8  51  46  98  225  134  3  209  17  156  109  0  168  281  112  129  98 
80080088  14  0082080  40  08 
80080080  128  8008008008 
800800800880088080  15 
8  0  2  23  13  1  0 
Received  update  from  resource 
Resource  id  :  resource! 

Resource  status  info  :  This  is  sample  job  st^itus  data 

Accepting  connections  from  Resource  on  port  5883 


The  client  receives  the  results  bundle  from  the  compute  resource.  This 
bundle  is  decrypted  and  verified. 
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The  client  displays  the  application  results  and  allows  the  user  the 
option  to  submit  another  job  to  MSHN. 


Keceiyed  <72 >  bytes- 

Results  length  <32>  bytes. 

Application  Signature  length  <32>  bytes. 

AFFLICATION  RESULTS 
|Xhis  is  saf^iple  Job  results 

Choose  an  application  to  submit  to  HSHN- 
Submit  Job,,  wait  for  results,,  display  results. 

Continue?  Enter  y/n.  n 

jC:\CBSR^.2\aemQ9>, 


To  stop  execution  of  the  servers,  press  "Ctrl  C 


This  completes  the  MSHN  security  services  demonstration  program. 
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